// For flags

CVE-2024-5703

Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access the API (provided it is enabled) and add, edit, and delete audience users.

El complemento Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress &amp; WooCommerce para WordPress es vulnerable al acceso no autorizado a la API debido a una falta de verificación de capacidad en todas las versiones hasta la 5.7.26 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, accedan a la API (siempre que esté habilitada) y agreguen, editen y eliminen usuarios de la audiencia.

*Credits: Arkadiusz Hydzik
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-06 CVE Reserved
  • 2024-07-16 CVE Published
  • 2024-07-18 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Icegram
Search vendor "Icegram"
 Email Subscribers \& Newsletters
Search vendor "Icegram" for product "Email Subscribers \& Newsletters"
 < 5.7.27
Search vendor "Icegram" for product "Email Subscribers \& Newsletters" and version " < 5.7.27"
wordpress
Affected