Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known vulnerabilities for the Email Subscribers & Newsletters plugin, a WordPress email marketing, post notifications, and newsletter solution. It focuses on security weaknesses associated with this product and its vendor ecosystem, providing a centralized view of potential risks. The list covers the security flaws that have been disclosed for this software, including but not limited to cross-site scripting, SQL injection, and authentication bypasses. The data spans from the plugin's initial release through the most recent patches, giving a historical perspective on its security posture over time.

Visitors can use this resource to track the vendor's advisory patterns and understand how frequently updates are released in response to critical flaws, and to see how specific weakness classes manifest in a popular WordPress environment. The page also supports a detailed lookup of the product's vulnerability history, so administrators and security researchers can assess past incidents and evaluate the effectiveness of remediation efforts. It does not provide remediation advice; it acts as a factual record of disclosed issues, helping stakeholders maintain security awareness, make informed decisions about plugin maintenance, and monitor the evolving threat landscape associated with this widely used email management tool.

Vendor: icegram

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter | CWE-89 | 6.5 | Medium | 2026-03-04 |
| CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution | CWE-306 | 5.3 | Medium | 2025-12-12 |
| CVE-2025-12349 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger | CWE-306 | 5.3 | Medium | 2025-11-19 |
| CVE-2024-8254 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | CWE-94 | 5.4 | Medium | 2024-10-02 |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | CWE-862 | 4.3 | Medium | 2024-09-26 |
| CVE-2024-5703 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization | CWE-862 | 4.3 | Medium | 2024-07-17 |
| CVE-2024-6172 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe | CWE-89 | 9.8 | Critical | 2024-07-02 |
| CVE-2024-5756 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin | CWE-89 | 9.8 | Critical | 2024-06-21 |
| CVE-2024-4845 | Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] | CWE-89 | 8.8 | High | 2024-06-12 |
| CVE-2024-4295 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash | CWE-89 | 9.8 | Critical | 2024-06-05 |
| CVE-2024-3626 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization | CWE-862 | 4.3 | Medium | 2024-05-23 |
| CVE-2024-4010 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request | CWE-862 | 8.8 | High | 2024-05-15 |
| CVE-2024-2876 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection | CWE-89 | 9.8 | Critical | 2024-05-02 |
| CVE-2024-2656 | Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import | CWE-79 | 4.4 | Medium | 2024-04-06 |
| CVE-2023-5414 | Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read | CWE-22 | 9.1 | Critical | 2023-10-20 |