Email Subscribers Plugin Vulnerable to SQL Injection
CVE-2024-4295
Key Information:
- Vendor: WordPress
- CVE Published: 5 June 2024
What is CVE-2024-4295?
The Email Subscribers plugin by Icegram Express for WordPress is vulnerable to SQL injection through the 'hash' parameter, potentially allowing unauthenticated attackers to extract sensitive information from the database. AdminLTE 3.1.0 also has a directory traversal vulnerability (CVE-2021-36471), which remote attackers can exploit to gain escalated privileges and view sensitive information. There are no known exploits for these vulnerabilities by ransomware groups at this time.
News Articles
Top Cyber Security Informer Security Intelligence Big data Content for Wed.Jun 05, 2024
Best content around Security Intelligence Big data selected by the Cyber Security Informer community.
Understanding CVE-2024-4295: Critical SQL Injection Vulnerability in Email Subscribers Plugin
A critical SQL Injection vulnerability has been identified in the Email Subscribers by Icegram Express plugin for WordPress, posing significant security risks.
CVE-2021-36471 : CVE-2021-36471 ADMINLTE 3.1.0 /ADMIN/INDEX2.HTML PATH TRAVERSAL - Cloud WAF
CVE-2021-36471 : Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.
EPSS Score
93% chance of being exploited in the next 30 days.
Timeline
- Used in Ransomware
- Exploit known to exist
- First article discovered by prophaze.com
- Vulnerability published