CVE-2024-4295
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hashThe Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
We have discovered 9,755 live websites that are affected by CVE-2024-4295.
Affected Software
| Product |  Email Subscribers |
| Category | Wordpress Plugins |
| Vulnerable Domains | 9,755 live websites (38.14% of Email Subscribers install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 176 versions ( 81.48% of all versions) |
Details
- Published - Jun 5, 2024
- Updated - Aug 1, 2024
Credits
- 1337_Wannabe (finder)
CVE References
CVE-2024-4295 usage by Country
 United States | 4,351 websites |
 Germany | 925 websites |
 France | 528 websites |
 GB | 361 websites |
 Netherlands | 213 websites |
 Cyprus | 212 websites |
 Australia | 210 websites |
 Spain | 194 websites |
 Canada | 182 websites |
 Russia | 181 websites |
CVE-2024-4295 usage by TLD
| .com | 4,887 websites |
| .org | 615 websites |
| .com.au | 314 websites |
| .de | 309 websites |
| .net | 231 websites |
| .co.uk | 223 websites |
| .fr | 168 websites |
| .nl | 164 websites |
| .com.br | 145 websites |
| .ru | 140 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-4295
Top websites that are affected by CVE-2024-4295. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.net | United States | **,*** | |
| ***************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *************.com |  Singapore | **,*** | |
| ***.cz |  Czech Republic | **,*** | |
| **********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| **********.net | United States | **,*** | |
| ************.com | United States | **,*** | |
| **********.***.cn | United States | **,*** |
FAQ
A total of 9,755 websites have been identified as vulnerable to CVE-2024-4295, discovered through global website indexing conducted by WebTechSurvey.
Email Subscribers is susceptible to CVE-2024-4295 vulnerability.
Email Subscribers versions before, and including, 5.7.20 are vulnerable to CVE-2024-4295.