CVE-2024-6172 — AI Deep Analysis Summary

🚨 **Essence**: Time-based SQL Blind Injection in `db` parameter. 📉 **Consequences**: Full database compromise, data theft, and system integrity loss. Critical impact on confidentiality, integrity, and availability.

🛡️ **Root Cause**: CWE-89 (SQL Injection). ⚠️ **Flaw**: Unsanitized input in the `db` parameter allows attackers to inject malicious SQL logic, exploiting time delays to extract data.

🎯 **Affected**: WordPress Plugin: **Email Subscribers by Icegram Express**. 📦 **Version**: v5.7.25 and **all prior versions**. 🏢 **Vendor**: Icegram.

💀 **Attacker Actions**: Extract sensitive data (users, emails, configs). 🔄 **Privileges**: High impact (CVSS H). Can manipulate database content, potentially leading to full site takeover or massive data leaks.

⚡ **Threshold**: **LOW**. 🚫 **Auth**: No authentication required (PR:N). 🌐 **Access**: Network accessible (AV:N). Simple, low-complexity exploitation (AC:L).

📜 **Public Exp?**: No specific PoC code provided in data. 🌍 **Wild Exploitation**: Likely high due to low barrier to entry (No auth, simple vector). WordFence has tracked it as a threat.

🔍 **Self-Check**: Scan for plugin version `Email Subscribers` < 5.7.25. 🛠️ **Tools**: Use WPScan or manual parameter fuzzing on `db` inputs to detect time-based delays.…

✅ **Fixed?**: Yes. 📢 **Patch**: Update to version **> 5.7.25**. 🔗 **Source**: Official WordPress plugin repository and vendor updates. Changeset 3107964 addresses the issue.

🚧 **No Patch Workaround**: Disable the plugin immediately if update is impossible. 🚫 **Block**: Restrict access to plugin endpoints via WAF. 🧹 **Audit**: Review database logs for suspicious time-delay queries.

🔥 **Urgency**: **CRITICAL**. 🚨 **Priority**: Patch **IMMEDIATELY**. High CVSS score (H/H/H) + No Auth required = High risk of automated exploitation. Do not delay.