SQL Injection (CVE-2024-2876) #shorts #breaking
Today, we're talking about an urgent cybersecurity issue: a new SQL injection vulnerability found in the WordPress plugin 'Email Subscribers by Icegram Express'. Tracked as CVE-2024-2876, it is particularly severe because it's a zero-day vulnerability, meaning it was unknown before its first appearance, which is today. It affects over 90,000 websites using the vulnerable plugin. Hackers exploiting this vulnerability can potentially extract sensitive information from the website's database. If you're using 'Email Subscribers by Icegram Express' and your version is up to 5.7.14, you're at risk. Immediate action is required: update your plugin as soon as the developers release a fix to protect your website and your data.
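To find out which of your sites fall in the affected range, the following added example (not code from the plugin or from this page's author) reads the plugin's version header on disk and compares it with 5.7.14. It assumes the default `wp-content/plugins` layout, the `email-subscribers` directory name seen in the repository links on this page, and that the stated range includes 5.7.14 itself.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "email-subscribers"   # directory name, as in the repository URLs on this page
LAST_AFFECTED = "5.7.14"            # last affected version per this page (assumed inclusive)

# WordPress plugin header fields, e.g. " * Version: 5.7.14"
NAME_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION_RE = re.compile(rb"^[ \t/*#@]*Version:[ \t]*([0-9][^\s*]*)", re.I | re.M)


def version_key(version, width=4):
    """'5.7.14' -> (5, 7, 14, 0); any suffix after '-' is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0] * width)[:width])


def installed_version(wp_root):
    """Return the plugin's Version header, 'unknown', or None if the plugin is absent."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_bytes()[:8192]  # WordPress reads only the first 8 KB for headers
        match = VERSION_RE.search(head)
        if NAME_RE.search(head) and match:
            return match.group(1).decode("ascii", "replace")
    return "unknown"


def audit(wp_root):
    """Classify one site root as not-installed, unknown, affected or newer."""
    version = installed_version(wp_root)
    if version is None:
        return "not-installed"
    if version == "unknown":
        return "unknown"
    affected = version_key(version) <= version_key(LAST_AFFECTED)
    return "affected" if affected else "newer"


if __name__ == "__main__":
    # Usage: python3 audit.py /var/www/site1 /var/www/site2 ...
    for root in sys.argv[1:]:
        print(f"{root}: {audit(root)} (version {installed_version(root)})")
```

A result of `newer` only means the installed version is above 5.7.14; confirm against the developer's release notes that it contains the fix.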
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e0ca6ac4-0d89-4601-94fc-cce5a0af9c56?source=cve
- https://github.com/WordpressPluginDirectory/email-subscribers/blob/main/email-subscribers/lite/includes/classes/class-ig-es-subscriber-query.php#L304
- https://github.com/WordpressPluginDirectory/email-subscribers/blob/main/email-subscribers/lite/admin/class-email-subscribers-admin.php#L1433
- https://plugins.trac.wordpress.org/changeset/3060251/email-subscribers/trunk/lite/includes/classes/class-ig-es-subscriber-query.php