CVE-2024-8771
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information ExposureThe Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages.
We have discovered 12,085 live websites that are affected by CVE-2024-8771.
Affected Software
| Product |  Email Subscribers |
| Category | Wordpress Plugins |
| Vulnerable Domains | 12,085 live websites (47.25% of Email Subscribers install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 191 versions ( 88.43% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Sep 26, 2024
- Updated - Sep 26, 2024
Credits
- Michelle Porter (finder)
CWE
CVE References
CWE References
CVE-2024-8771 usage by Country
 United States | 5,512 websites |
 Germany | 1,156 websites |
 France | 666 websites |
 GB | 448 websites |
 Netherlands | 264 websites |
 Cyprus | 258 websites |
 Australia | 251 websites |
 Spain | 243 websites |
 Canada | 217 websites |
 Russia | 206 websites |
CVE-2024-8771 usage by TLD
| .com | 6,089 websites |
| .org | 769 websites |
| .de | 396 websites |
| .com.au | 357 websites |
| .net | 292 websites |
| .co.uk | 277 websites |
| .fr | 223 websites |
| .nl | 205 websites |
| .com.br | 177 websites |
| .ru | 160 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8771
Top websites that are affected by CVE-2024-8771. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.net | United States | **,*** | |
| ***************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *************.com |  Singapore | **,*** | |
| ***.cz |  Czech Republic | **,*** | |
| **********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| **********.net | United States | **,*** | |
| *********.com | United States | **,*** | |
| ************.com | United States | **,*** |
FAQ
CVE-2024-8771 is Missing Authorization in Email Subscribers
A total of 12,085 websites have been identified as vulnerable to CVE-2024-8771, discovered through global website indexing conducted by WebTechSurvey.
Email Subscribers is susceptible to CVE-2024-8771 vulnerability.
Email Subscribers versions before, and including, 5.7.34 are vulnerable to CVE-2024-8771.