High severity8.8NVD Advisory· Published Mar 7, 2022· Updated Jun 17, 2026
CVE-2022-0439
CVE-2022-0439
Description
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajax_fetch_report_list action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <5.3.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/729d3e67-d081-4a4e-ac1e-f6b0a184f095nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.