CVE-2024-12568

4.8 MEDIUM

📋 TL;DR

This is a stored cross-site scripting (XSS) flaw in the Email Subscribers by Icegram Express WordPress plugin. Workflow settings are not sanitised and escaped, so a high-privilege user such as an administrator can save a script payload that runs in the browser of other users who view the affected pages. The issue crosses a security boundary where the unfiltered_html capability is disallowed (for example on a multisite network), because such users would otherwise be prevented from storing raw HTML. Only WordPress sites running a vulnerable plugin version are affected.

💻 Affected Systems

Products:
  • Email Subscribers by Icegram Express WordPress Plugin
Versions: All versions before 5.7.45
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw only crosses a security boundary where the unfiltered_html capability is disallowed, such as on a WordPress multisite network. On a single-site install an administrator can already publish unfiltered HTML, so the added impact there is minimal.

⚠️ Risk & Real-World Impact

🔴 Worst Case

On a multisite network, a site administrator who is denied unfiltered_html plants a payload that runs in a Super Admin's browser, leading to network-wide takeover, data theft, or malware distribution to visitors.

🟠 Likely Case

A privileged user injects a script that steals other users' session cookies, redirects them, or defaces parts of the admin interface.

🟢 If Mitigated

Exploitation stays limited to already-trusted administrator accounts, with minimal added impact where admin access is tightly controlled and changes are monitored.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated account with admin-level access to the plugin's Workflow settings. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7.45

Vendor Advisory: https://wpscan.com/vulnerability/0ce9075a-754b-474e-9620-17da8ee29b56/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Email Subscribers by Icegram Express'.
4. Click 'Update Now' if available, or manually update to version 5.7.45 or later.
5. Verify the plugin version after the update.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

Disable the vulnerable plugin until patching is possible (WP-CLI, run from the WordPress root directory):

wp plugin deactivate email-subscribers

🧯 If You Can't Patch

  • Restrict administrator (and, on multisite, site-administrator) roles to essential, trusted users and review the account list regularly.
  • Web application firewall (WAF) rules that block XSS markers in requests to the plugin's Workflow settings pages reduce exposure, but an administrator can encode or obfuscate a payload, so treat this as a speed bump rather than a fix.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Installed Plugins for 'Email Subscribers by Icegram Express' version below 5.7.45.

Check Version:

wp plugin get email-subscribers --field=version

Verify Fix Applied:

Confirm plugin version is 5.7.45 or higher in WordPress admin plugins list.
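The version check above, as an added example that is not part of this advisory or of the plugin vendor's tooling. It compares the installed version component-wise against the fixed release, because a plain string comparison would wrongly rank "5.7.9" above "5.7.45". The check_es_install wrapper assumes WP-CLI is installed and that the plugin slug is email-subscribers; the optional argument is the WordPress root path.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin vendor): decide whether an
# installed Email Subscribers version is affected by CVE-2024-12568 (< 5.7.45).

FIXED_ES_VERSION="5.7.45"

# version_lt A B: exit 0 if A is lower than B, comparing dot-separated numeric
# components (missing components count as 0, so 5.7 equals 5.7.0).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1   # equal
  }'
}

# es_version_is_vulnerable V: exit 0 if V is below the fixed release.
es_version_is_vulnerable() {
  version_lt "$1" "$FIXED_ES_VERSION"
}

# check_es_install [WP_PATH]: query the live site with WP-CLI and report.
# Assumes WP-CLI is available and the plugin slug is "email-subscribers".
# Exit status: 0 patched, 1 vulnerable, 2 plugin not found / WP-CLI error.
check_es_install() {
  wp_path="${1:-.}"
  installed=$(wp plugin get email-subscribers --field=version --path="$wp_path" 2>/dev/null) || {
    echo "email-subscribers not installed at $wp_path (or WP-CLI failed)"
    return 2
  }
  if es_version_is_vulnerable "$installed"; then
    echo "VULNERABLE: email-subscribers $installed < $FIXED_ES_VERSION"
    return 1
  fi
  echo "OK: email-subscribers $installed >= $FIXED_ES_VERSION"
  return 0
}

# Usage against a live install (hypothetical path):
#   check_es_install /var/www/html
```

The awk comparison is POSIX and avoids relying on `sort -V`, which is not available on every platform. Run the wrapper once after updating to confirm the fix landed.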

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin.php?page=es_workflows whose body contains script markers (<script, javascript:, on*= event handlers), including their URL-encoded forms such as %3Cscript%3E. Standard web server access logs record only the request line, not the body; body inspection needs a WAF, a ModSecurity-style audit log, or an application-level log.
  • Admin users modifying workflow settings unexpectedly or outside agreed change windows.

Network Indicators:

  • HTTP requests carrying <script> tags, javascript: URLs, or event-handler attributes in es_workflow parameters sent to WordPress admin endpoints. With HTTPS these are only visible at a TLS-terminating proxy or WAF.

SIEM Query (pseudo-syntax; the body field exists only if the log source captures request bodies):

source="wordpress.log" AND uri_path="/wp-admin/admin.php" AND query="page=es_workflows" AND (body="*<script*" OR body="*%3Cscript*" OR body="*javascript:*" OR body="*onerror=*" OR body="*onload=*")
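The detection logic above, as an added example that is not part of this advisory. It flags logged POSTs to the workflow settings page whose body carries XSS markers, matching both raw and percent-encoded forms, since form bodies arrive URL-encoded and a rule that only looks for a literal "<script>" misses "%3Cscript%3E" and attribute-based payloads. The log format and the sample lines are constructed for this example (a WAF or audit log that records the request body is assumed; plain access logs cannot be used this way).

```shell
#!/bin/sh
# Added example (not from the advisory): flag logged POST requests to the
# Email Subscribers workflow settings page that carry XSS markers.
# Assumed (constructed) log format, one request per line:
#   <timestamp> <client-ip> <user> <method> <uri> body=<form body>

# Markers: a script tag, a javascript: URL, or an on*= event handler, each in
# raw or URL-encoded form. The handler rule requires a preceding space, "+" or
# "%20" so that field names like es_workflow_action do not trip it.
ES_XSS_MARKERS='(<|%3C)script|javascript(:|%3A)|(^|[[:space:]+]|%20)on[a-z]+[[:space:]]*(=|%3D)'

# flag_es_workflow_xss: read log lines on stdin, print the suspicious ones.
# Stage 1 keeps only POSTs to the es_workflows admin page; stage 2 applies the
# marker regex case-insensitively so %3c and %3C are treated alike.
flag_es_workflow_xss() {
  grep -iE 'POST [^ ]*/wp-admin/admin\.php\?page=es_workflows' \
    | grep -iE "$ES_XSS_MARKERS"
}

# Constructed sample log (not real traffic): lines 2 and 3 should be flagged,
# line 1 is a benign save, line 4 hits a different plugin page.
SAMPLE_ES_LOG='2024-12-01T10:00:01Z 203.0.113.5 admin POST /wp-admin/admin.php?page=es_workflows body=es_workflow_name=Welcome&es_workflow_action=save
2024-12-01T10:02:17Z 203.0.113.5 admin POST /wp-admin/admin.php?page=es_workflows body=es_workflow_name=%3Cscript%3Ealert(1)%3C%2Fscript%3E&es_workflow_action=save
2024-12-01T10:03:40Z 203.0.113.5 admin POST /wp-admin/admin.php?page=es_workflows body=es_workflow_name=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E&es_workflow_action=save
2024-12-01T10:05:02Z 198.51.100.9 editor POST /wp-admin/admin.php?page=es_subscribers body=search=%3Cscript%3E'

printf '%s\n' "$SAMPLE_ES_LOG" | flag_es_workflow_xss
```

Pipe a real body-capturing log into flag_es_workflow_xss instead of the sample; the handler rule can match harmless text such as "one=two" after a space, so tune the marker list against your own traffic before alerting on it.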
