Email Subscribers & Newsletters <= 4.1.7 - SQL Injection



Description
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

Affects Plugin

Fixed in version 4.1.8

References

CVE 2019-13569
URL https://fortiguard.com/zeroday/FG-VD-19-095
URL https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
URL https://plugins.trac.wordpress.org/changeset/2124040/email-subscribers

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Tin Duong of Fortinet’s FortiGuard Labs, WordPress Plugin Review Team & Ihor Voschyk
Views 3015
Verified No
WPVDB ID 9467

Timeline

Publicly Published 2019-07-22 (3 months ago)
Added 2019-07-22 (3 months ago)
Last Updated 2019-08-29 (about 2 months ago)
