- Description: The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
- Source: contact@wpscan.com
- NVD status: Awaiting Analysis

CVSS 3.1
- Type: Secondary
- Base score: 6.5
- Impact score: 5.2
- Exploitability score: 1.2
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
- Severity: MEDIUM
- Hype score: Not currently trending
CVE-2024-12311 01/06/2025 06:15:06 AM BaseSeverity: MEDIUM The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statemen... https://t.co/4eCfFBKVUu
@CVETracker
6 Jan 2025
CVE-2024-12311 SQL Injection Vulnerability in Email Subscribers Plugin Below 5.7.44 Icegram Express Email Subscribers WordPress plugin before version 5.7.44 does not sanitize and escape a parameter properly in a ... https://t.co/pAaSGEQKAl
@VulmonFeeds
6 Jan 2025