Advisory

Email Subscribers by Icegram Express WP plugin vulnerable to SQL injection

Take action: If you are using "Email Subscribers by Icegram Express", upgrade to version 5.7.15 at minimum, or to the latest release, 5.7.19. Also make sure that automatic updates for plugins are enabled. Applying the patch is quick, so there is no reason to delay it.

Learn More

The critical security vulnerability CVE-2024-2876 (CVSS score 9.8) affects the "Email Subscribers by Icegram Express" WordPress plugin. The flaw is an SQL injection vulnerability that could allow unauthenticated attackers to execute SQL queries against the database of an affected WordPress site. Over 90,000 websites use this plugin and are at risk.

The affected versions of the plugin are all versions up to and including 5.7.14. The vulnerability is caused by inadequate handling of user-supplied parameters and poorly prepared SQL queries within the 'run' function of the 'IG_ES_Subscribers_Query' class.
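As an added illustration (not the plugin's own code, which this advisory does not reproduce), the following hypothetical WordPress query functions show the bug class described above, a query assembled from request parameters without preparation, beside the hardened form that binds values with `$wpdb->prepare()` and allow-lists the parts placeholders cannot express; the function names, table name and parameter names are assumptions.

```php
<?php
// Added example, not code from the Icegram Express plugin.
// Table and parameter names below are assumed for illustration only.

// Vulnerable pattern: request values are concatenated straight into SQL,
// so any of $args['status'], $args['orderby'] or $args['limit'] can alter
// the query. This is the class of defect the advisory describes.
function es_example_query_unsafe( $args ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_subscribers'; // assumed table name
    $sql   = "SELECT id, email FROM {$table}"
           . " WHERE status = '" . $args['status'] . "'"
           . " ORDER BY " . $args['orderby']
           . " LIMIT " . $args['limit'];
    return $wpdb->get_results( $sql );
}

// Hardened pattern: values are bound through prepare() placeholders
// (%s for strings, %d for integers). Column names and sort direction
// cannot be bound as values, so they are checked against a fixed allow-list
// before being interpolated. (WordPress 6.2+ also offers the %i identifier
// placeholder for column and table names.)
function es_example_query_safe( $args ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_subscribers'; // assumed table name

    $allowed_orderby = array( 'id', 'email', 'created_at' );
    $orderby = in_array( $args['orderby'], $allowed_orderby, true )
             ? $args['orderby'] : 'id';
    $order   = ( isset( $args['order'] ) && strtoupper( $args['order'] ) === 'DESC' )
             ? 'DESC' : 'ASC';

    // Normalise the free-text value and clamp the integer to a sane range.
    $status = sanitize_text_field( $args['status'] );
    $limit  = max( 1, min( 1000, absint( $args['limit'] ) ) );

    $sql = $wpdb->prepare(
        "SELECT id, email FROM {$table} WHERE status = %s ORDER BY {$orderby} {$order} LIMIT %d",
        $status,
        $limit
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin for this defect, look for `$wpdb->query()`, `get_results()` or `get_var()` calls whose SQL string is built by concatenation or interpolation of request data without a surrounding `prepare()`.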

Users are advised to upgrade "Email Subscribers by Icegram Express" to version 5.7.15 or the latest release, 5.7.19, and activate automatic updates for plugins.
