CVE-2022-0439

high-risk
Published 2022-03-07

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link.

Do I need to act?

!
37.1% chance of exploitation in next 30 days
EPSS score — higher than 63% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Icegram

References (2)

Exploit https://wpscan.com/vulnerability/729d3e67-d081-4a4e-ac1e-f6b0a184f095
Exploit https://wpscan.com/vulnerability/729d3e67-d081-4a4e-ac1e-f6b0a184f095
51
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 16/34 · Moderate
Exposure 5/34 · Minimal