CVE-2024-4295 – This vulnerability allows unauthenticated attac... (How to Fix)

📋 TL;DR

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress sites using the Email Subscribers by Icegram Express plugin. Attackers can extract sensitive information from the database by manipulating the 'hash' parameter. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

Email Subscribers by Icegram Express WordPress Plugin

Versions: All versions up to and including 5.7.20

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: All WordPress installations with the vulnerable plugin are affected regardless of configuration.

📦 What is this software?

Email Subscribers \& Newsletters by Icegram

View all CVEs affecting Email Subscribers \& Newsletters →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including user credentials, personal data, and administrative access leading to site takeover.

🟠

Likely Case

Extraction of sensitive subscriber data, user information, and potential privilege escalation.

🟢

If Mitigated

Limited or no impact with proper input validation and prepared statements in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection via GET/POST parameters is well-understood and easily automated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.7.21 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3090845/email-subscribers/trunk/lite/includes/db/class-es-db-lists-contacts.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Email Subscribers by Icegram Express'
4. Click 'Update Now' if available
5. If no update available, download version 5.7.21+ from WordPress repository
6. Deactivate old plugin, upload new version, activate

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the vulnerable plugin until patched

wp plugin deactivate email-subscribers

WAF Rule Implementation

all

Block SQL injection patterns targeting the 'hash' parameter

🧯 If You Can't Patch

Implement web application firewall with SQL injection rules
Restrict access to affected endpoints using .htaccess or nginx rules

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins → Installed Plugins

Check Version:

wp plugin get email-subscribers --field=version

Verify Fix Applied:

Verify plugin version is 5.7.21 or higher after update

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in database logs
Multiple requests with encoded 'hash' parameters
429 errors from failed injection attempts

Network Indicators:

HTTP requests with SQL keywords in 'hash' parameter
Unusual traffic patterns to plugin endpoints

SIEM Query:

source="web_logs" AND (uri_path="/wp-content/plugins/email-subscribers/" OR uri_path LIKE "%es=%") AND (query_string LIKE "%hash=%" AND (query_string LIKE "%UNION%" OR query_string LIKE "%SELECT%" OR query_string LIKE "%INSERT%"))

📊 Metadata

CVE ID: CVE-2024-4295

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: June 5, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4295, you might also want to check these: