SQL Injection Vulnerability in Icegram Express Email Marketing Plugin for WordPress & WooCommerce

CVE-2024-6172

Summary

The Email Subscribers by Icegram Express plugin for WordPress and WooCommerce is susceptible to a time-based SQL Injection vulnerability. This issue arises due to inadequate escaping of the 'db' parameter and insufficient query preparation, allowing unauthenticated attackers to inject additional SQL queries. Exploiting this vulnerability could enable attackers to retrieve sensitive information from the database by appending malicious SQL commands to existing queries, posing a significant risk to the integrity and confidentiality of user data.

References