CVE-2024-12566

4.8 MEDIUM

📋 TL;DR

The Email Subscribers by Icegram Express plugin does not sanitise and escape some of its form settings. A high-privilege WordPress user such as an administrator can store script payloads in those settings, and the scripts then execute in the browsers of other users who view the affected pages (stored cross-site scripting). On a single site this is ordinarily permitted behaviour, because administrators hold the unfiltered_html capability; the issue matters where that capability is withheld from site administrators, notably in WordPress multisite, where only super admins have it. Only sites running a vulnerable version of this plugin are affected.

💻 Affected Systems

Products:
  • Email Subscribers by Icegram Express WordPress Plugin
Versions: All versions before 5.7.45
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress installation with the vulnerable plugin enabled. Exploitation requires admin-level privileges or a compromised admin account.

📦 What is this software?

Email Subscribers by Icegram Express is a WordPress plugin for collecting newsletter subscribers through embeddable subscription forms and sending campaign emails. The vulnerable settings belong to the subscription forms the plugin renders.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker with admin privileges could inject persistent malicious scripts that execute in victims' browsers, potentially stealing session cookies, performing actions as other users, or redirecting to malicious sites.

🟠 Likely Case

Malicious administrator or compromised admin account injects tracking scripts or defaces parts of the site visible to other users through plugin forms.

🟢 If Mitigated

With proper user access controls and regular monitoring of admin accounts, impact is limited to potential defacement of the plugin-specific form pages.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated admin access. An attack consists of saving a script payload in one of the plugin's form settings fields, which is then rendered unescaped to other users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7.45

Vendor Advisory: https://wpscan.com/vulnerability/9206064a-d54e-44ad-9670-65520ee166a6/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Email Subscribers by Icegram Express'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 5.7.45 or later from WordPress.org and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

Platform: all

Disable the vulnerable plugin until it is patched:

wp plugin deactivate email-subscribers

Restrict Admin Access

Platform: all

Temporarily limit admin account access to trusted users only.

🧯 If You Can't Patch

  • Remove admin privileges from untrusted users and implement strict access controls
  • Deploy Content Security Policy headers to limit what an injected script can do; note that a policy permitting inline scripts does not stop this class of payload.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin → Plugins → Installed Plugins. Look for Email Subscribers by Icegram Express version number.

Check Version:

wp plugin get email-subscribers --field=version

Verify Fix Applied:

Confirm plugin version is 5.7.45 or higher in WordPress admin panel.
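The version check above as a script, added here as an example rather than taken from the advisory or the plugin. It wraps the same WP-CLI command the advisory quotes, compares the result against the fixed release numerically (so that 5.8 is correctly treated as newer than 5.7.45, which a plain string comparison would get wrong), and uses the plugin's WordPress.org slug `email-subscribers`. The `check_site` function and its `WP_ROOT` argument are this example's own names.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the plugin: compare an
# installed Email Subscribers version against the fixed release 5.7.45.

FIXED_VERSION="5.7.45"

# version_lt A B: succeed (exit 0) when A < B, comparing dot-separated
# numeric components; missing trailing components count as 0, so 5.8 > 5.7.45.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = (i in pa) ? pa[i] + 0 : 0;
            y = (i in pb) ? pb[i] + 0 : 0;
            if (x < y) exit 0;
            if (x > y) exit 1;
        }
        exit 1;   # equal versions are not "less than"
    }'
}

# vuln_status VERSION: print "vulnerable" when VERSION < 5.7.45, else "fixed".
vuln_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# check_site [WP_ROOT]: read the live plugin version with WP-CLI and classify it.
# Returns 2 when the plugin is not installed or WP-CLI is unavailable.
check_site() {
    root="${1:-.}"
    ver=$(wp plugin get email-subscribers --field=version --path="$root" 2>/dev/null) || {
        echo "email-subscribers: not installed or wp-cli failed" >&2
        return 2
    }
    echo "email-subscribers $ver: $(vuln_status "$ver")"
}

# Usage on a site: check_site /var/www/html
```

Run it from a shell that can reach WP-CLI, passing the site root; a non-zero return from `check_site` means the plugin could not be queried rather than that it is safe.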

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to plugin settings by admin users
  • Suspicious script tags in plugin form configuration

Network Indicators:

  • Unexpected JavaScript loading from plugin form pages

SIEM Query (field names are illustrative; map them to your WordPress audit-log source):

source="wordpress" AND (event="plugin_edit" OR event="option_update") AND plugin="email-subscribers" AND user_role="administrator"
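A concrete way to act on the "suspicious script tags in plugin form configuration" indicator, added here as an example and not taken from the advisory or the plugin. It greps stored form settings for common payload markers (script tags, event-handler attributes, javascript: URLs) and ships with constructed sample rows so it can be exercised offline. The live `scan_site` function assumes, as labelled in the code, that the plugin keeps its forms in a table named `<prefix>ig_forms` with a `settings` column; the `wp db query` flags are passed through to the mysql client. Adjust the query if your schema differs.

```shell
#!/bin/sh
# Added example, not part of the advisory or of the plugin: flag stored
# form settings that carry script-injection markers. The pattern list and
# the sample rows are constructed for this example.
# Assumption (labelled): the plugin keeps its forms in a table named
# "<prefix>ig_forms" with a "settings" column; adjust the query if yours differs.

PAYLOAD_PATTERN='<script|</script|javascript:|on[a-z]+[[:space:]]*=|<svg|<iframe|srcdoc='

# scan_settings: read "id<TAB>settings" rows on stdin, print the ones that
# contain a payload marker (grep exits 1 when nothing matched).
scan_settings() {
    grep -i -E "$PAYLOAD_PATTERN"
}

# count_hits TEXT: number of rows in TEXT that look injected.
count_hits() {
    printf '%s\n' "$1" | scan_settings | wc -l | tr -d ' '
}

# scan_site [WP_ROOT]: dump every form's settings with WP-CLI and scan them.
scan_site() {
    root="${1:-.}"
    prefix=$(wp db prefix --path="$root")
    wp db query "SELECT id, settings FROM ${prefix}ig_forms" \
        --path="$root" --skip-column-names | scan_settings
}

# Constructed sample rows (not real data), in the "id<TAB>settings" layout
# the dump produces: row 1 is clean, row 2 carries a <script> tag and
# row 3 an onerror handler.
SAMPLE=$(printf '%s\t%s\n' \
    1 'a:2:{s:4:"name";s:6:"Footer";s:4:"desc";s:5:"Hello";}' \
    2 'a:2:{s:4:"name";s:6:"Header";s:4:"desc";s:41:"<script src=//evil.example/x.js></script>";}' \
    3 'a:1:{s:4:"name";s:27:"<img src=x onerror=alert(1)>";}')

# Usage on a site: scan_site /var/www/html
# Offline: count_hits "$SAMPLE" prints 2
```

Treat a hit as a lead, not a verdict: legitimate form settings can contain HTML, so review each flagged row and the admin account that last saved it.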
