WordPress Icegram Express Plugin Security Update Advisory (CVE-2024-5756)

Overview

 

WordPress has released an update to address a vulnerability in the Icegram Express plugin. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-5756

  • WordPress Icegram Express plugin versions: up to and including 5.7.23

 

 

Resolved Vulnerabilities

 

CVE-2024-5756 is a time-based SQL injection vulnerability that could allow an attacker to extract sensitive information from the database by appending additional SQL queries to an existing query.
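
For defenders reviewing logs on sites that ran an affected version, the following added example (not from the advisory or the plugin) flags requests that carry database delay functions, the marker of time-based SQL injection, and notes whether the response was also slow. It assumes a combined-format access log with the request time in seconds as the last field; the log lines, threshold and parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Delay primitives used by time-based SQL injection on common database engines.
DELAY_RE = re.compile(
    r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE
)
# Assumed format: combined log plus request time in seconds as the final field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ .* (?P<rt>\d+\.\d+)$'
)

# Constructed sample lines (documentation IP ranges, hypothetical parameters).
SAMPLE = [
    '203.0.113.10 - - [10/Jun/2024:10:00:01 +0000] "GET /?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 0.120',
    '198.51.100.7 - - [10/Jun/2024:10:00:05 +0000] "GET /?item=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "-" 5.084',
    '198.51.100.7 - - [10/Jun/2024:10:00:09 +0000] "GET /?item=1%2520AND%2520sleep%2528%2535%2529 HTTP/1.1" 403 310 "-" "-" 0.004',
    '192.0.2.44 - - [10/Jun/2024:10:00:12 +0000] "GET /blog/how-i-fixed-my-sleep-schedule HTTP/1.1" 200 9000 "-" "Mozilla/5.0" 0.090',
]

def normalise(target, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are also inspected."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    # Drop inline SQL comments, which can separate a keyword from its "(".
    return re.sub(r"/\*.*?\*/", "", target)

def scan(lines, slow_seconds=3.0):
    """Return findings as (client ip, reason, decoded request target)."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        target = normalise(m["target"])
        if not DELAY_RE.search(target):
            continue
        slow = float(m["rt"]) >= slow_seconds
        reason = "delay-function+slow-response" if slow else "delay-function"
        findings.append((m["ip"], reason, target))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Payloads sent in POST bodies do not appear in access logs, so a clean result does not rule out attempts; WAF or application-level request logs are needed for those.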

 

Vulnerability Patches

 

A patch for the vulnerability is available in the latest update. Follow the instructions on the referenced sites to update to the patched version.

 

CVE-2024-5756

  • WordPress Icegram Express plugin version: 5.7.24

 

 

Referenced Sites

[1] CVE-2024-5756 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-5756

[2] Icegram Express – Email Subscribers, Newsletters and Marketing Automation Plugin

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/email-subscribers/icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-5723-unauthenticated-sql-injection-via-optin

Article Link: WordPress Icegram Express Plugin Security Update Advisory (CVE-2024-5756) – ASEC