CVE-2024-2876 is a critical security vulnerability found in the "Email Subscribers by Icegram Express" plugin for WordPress. This vulnerability affects versions up to and including 5.7.14 and poses significant risks to over 90,000 websites.
- CVE-ID: CVE-2024-2876
- CVSS Score: 9.8 (Critical)
- Affected Versions: Up to 5.7.14
- Patched Version: 5.7.15 and above
The vulnerability is a SQL injection flaw that allows unauthenticated attackers to execute malicious SQL queries on the affected WordPress databases. By manipulating user inputs that are not properly sanitized, attackers can extract sensitive information such as usernames, email addresses, password hashes, and subscriber lists.
The SQL injection occurs within the run function of the plugin's IG_ES_Subscribers_Query class, where inadequate input validation leads to unauthorized SQL code execution. This compromises the integrity and confidentiality of the data stored in the WordPress database.
-
FOFA : body="/wp-content/plugins/email-subscribers/"
-
publicwww : "/wp-content/plugins/email-subscribers/"
POST /wp-admin/admin-post.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
page=es_subscribers&is_ajax=1&action=_sent&advanced_filter[conditions][0][0][field]=status=99924)))union(select(sleep(4)))--+&advanced_filter[conditions][0][0][operator]==&advanced_filter[conditions][0][0][value]=1111-
Immediate Update: If you are using the "Email Subscribers by Icegram Express" plugin, upgrade to version 5.7.15 or later immediately to apply the security fix.
-
Regular Audits: Regularly review and update all WordPress plugins and themes to their latest versions to ensure security.
-
Security Plugins: Use reputable WordPress security plugins to enhance defenses against SQL injection and other cyber threats.
-
Strong Password Policies: Implement strong and unique passwords for all accounts related to your WordPress site to reduce unauthorized access risks.
Failing to update the affected plugin can leave websites vulnerable to data breaches and unauthorized access. Given the widespread use of this plugin, immediate action is crucial to secure installations.