Overview
WordPress has released an update to address a vulnerability in the Icegram Express plugin. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-5756
- WordPress Icegram Express plugin version: ~ 5.7.23 (inclusive)
Resolved Vulnerabilities
Time-based SQL injection vulnerability (CVE-2024-5756) that could allow an attacker to extract sensitive information from a database by appending additional SQL queries to an existing query
Vulnerability Patches
Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-5756
- WordPress Icegram Express plugin version: 5.7.24
Referenced Sites
[1] CVE-2024-5756 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-5756
[2] Icegram Express – Email Subscribers, Newsletters and Marketing Automation Plugin
Article Link: WordPress Icegram Express Plugin Security Update Advisory (CVE-2024-5756) – ASEC