Security for everyone

CVE-2024-2876 Scanner

CVE-2024-2876 scanner - SQL Injection vulnerability in Wordpress Email Subscribers by Icegram Express

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Toolbox

-

Wordpress Email Subscribers by Icegram Express is a popular plugin used by WordPress and WooCommerce websites for email marketing, newsletters, and automation. It allows users to manage and send email campaigns, automate email sequences, and create subscription forms. The plugin is commonly used by bloggers, small businesses, and e-commerce sites to engage with their audience. Its ease of use and integration with WordPress makes it a preferred choice for many. However, like all software, it is essential to ensure it is secure from vulnerabilities.

The SQL Injection vulnerability in the Email Subscribers by Icegram Express plugin allows attackers to inject malicious SQL queries into the database. This can be exploited by unauthenticated users to extract sensitive information from the database. The vulnerability exists due to insufficient escaping of user-supplied parameters in SQL queries. It affects all versions of the plugin up to and including 5.7.14.

The vulnerability is found in the 'run' function of the 'IG_ES_Subscribers_Query' class. The issue arises because user-supplied parameters are not properly escaped, and the existing SQL queries are not sufficiently prepared. This allows attackers to append additional SQL queries into the existing ones. The vulnerable endpoint is '/wp-admin/admin-post.php', where the 'advanced_filter' parameter is exploited. Attackers can use this to manipulate the SQL queries and retrieve data from the database.

If exploited, this vulnerability can lead to significant data breaches. Attackers can access sensitive information, including user credentials, emails, and other personal data stored in the database. It can also compromise the integrity and availability of the database, potentially leading to data loss or corruption. This poses a severe risk to the affected website's security and the privacy of its users.

By using SecurityForEveryone, you can proactively identify and mitigate vulnerabilities in your digital assets. Our platform provides comprehensive scans and detailed reports, helping you stay ahead of potential threats. Protect your website, maintain your reputation, and ensure the safety of your users' data with our robust security checks. Join us today to leverage our advanced scanning capabilities and expert insights to keep your online presence secure.

References:

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture