Email Subscribers & Newsletters <= 4.1.7 - SQL Injection



Description
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

Affects Plugin

Fixed in version 4.1.8

References

CVE 2019-13569
URL https://fortiguard.com/zeroday/FG-VD-19-095
URL https://plugins.trac.wordpress.org/changeset/2124040/email-subscribers

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Tin Duong of Fortinet’s FortiGuard Labs, WordPress Plugin Review Team & Ihor Voschyk
Verified No
WPVDB ID 9467

Timeline

Publicly Published 2019-07-22
Added 2019-07-22
Last Updated 2019-07-25
