CVE-2024-5703
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing AuthorizationThe Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access the API (provided it is enabled) and add, edit, and delete audience users.
We have discovered 10,521 live websites that are affected by CVE-2024-5703.
Affected Software
| Product |  Email Subscribers |
| Category | Wordpress Plugins |
| Vulnerable Domains | 10,521 live websites (41.13% of Email Subscribers install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 183 versions ( 84.72% of all versions) |
Details
- Published - Jul 17, 2024
- Updated - Aug 1, 2024
Credits
- Arkadiusz Hydzik (finder)
CVE References
CVE-2024-5703 usage by Country
 United States | 4,705 websites |
 Germany | 1,013 websites |
 France | 572 websites |
 GB | 386 websites |
 Cyprus | 231 websites |
 Netherlands | 229 websites |
 Australia | 223 websites |
 Spain | 210 websites |
 Canada | 192 websites |
 Russia | 188 websites |
CVE-2024-5703 usage by TLD
| .com | 5,267 websites |
| .org | 665 websites |
| .de | 338 websites |
| .com.au | 323 websites |
| .net | 253 websites |
| .co.uk | 242 websites |
| .fr | 187 websites |
| .nl | 175 websites |
| .com.br | 156 websites |
| .ru | 145 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-5703
Top websites that are affected by CVE-2024-5703. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.net | United States | **,*** | |
| ***************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *************.com |  Singapore | **,*** | |
| ***.cz |  Czech Republic | **,*** | |
| **********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| **********.net | United States | **,*** | |
| ************.com | United States | **,*** | |
| **********.***.cn | United States | **,*** |
FAQ
A total of 10,521 websites have been identified as vulnerable to CVE-2024-5703, discovered through global website indexing conducted by WebTechSurvey.
Email Subscribers is susceptible to CVE-2024-5703 vulnerability.
Email Subscribers versions before, and including, 5.7.26 are vulnerable to CVE-2024-5703.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/22283650-36bf-43e5-a57e-a91025fb2af7?source=cve
- https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/admin/class-es-rest-api-admin.php#L25
- https://plugins.trac.wordpress.org/changeset/3118326/email-subscribers/trunk/lite/admin/class-es-rest-api-admin.php