CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5768 – Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2020-5768
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. Una Neutralización inapropiada de elementos especiales usados en un comando SQL ("SQL Injection") en Icegram Email Subscribers & Newsletters Plugin para WordPress versión v4.4.8, permite a un atacante autenticado remoto determinar el valor de los campos de la base de datos • https://www.tenable.com/security/research/tra-2020-44-0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5767 – Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-5767
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. Una vulnerabilidad Cross-site request forgery en Icegram Email Subscribers & Newsletters Plugin para WordPress versión v4.4.8, permite a un atacante remoto enviar correos electrónicos falsificados al engañar a usuarios legítimos para que hagan clic en un enlace diseñado Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.5.0 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. • https://www.tenable.com/security/research/tra-2020-44-0 • CWE-352: Cross-Site Request Forgery (CSRF) •