cleantalk
Vulnerabilities and Security Researches

Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce, CVE-2019-19982

CVE, Research URL

CVE-2019-19982

Home page URL

Security reports for Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce

Application

Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce

Published on
Dec 26, 2019
Research Description
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request.
Affected versions
Min -, max 4.2.3.
Status
vulnerable
Previous vulnerability researches
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2024-5756) , Jun 22, 2024
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2024-12567) , Jan 14, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2024-12566) , Jan 14, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2024-11636) , Jan 14, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2024-12568) , Jan 14, 2025
New vulnerability
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025