Email Subscribers < 5.7.44 - Admin+ SQL Injection
Description
The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Email Subscribers by Icegram Express plugin before 5.7.44 allows admin-level SQL injection due to unsanitized parameter.
Vulnerability
The Email Subscribers by Icegram Express plugin for WordPress fails to sanitize and escape a parameter before using it in a SQL statement, leading to an SQL injection vulnerability [1]. This affects all versions before 5.7.44. The vulnerability requires admin-level privileges to exploit.
Exploitation
An attacker with admin access can exploit this by sending a crafted request containing malicious SQL in the unsanitized parameter. No additional authentication or user interaction is required beyond the admin role.
Impact
Successful exploitation allows the attacker to execute arbitrary SQL queries against the database, potentially leading to data exfiltration, modification, or deletion of sensitive information.
Mitigation
The vulnerability is fixed in version 5.7.44 [1]. Users should update to this version or later immediately. No workarounds are available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <5.7.44
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- wpscan.com/vulnerability/5e00ba37-da7f-4703-a0b9-65237696fbdd/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.