Email subscribers \& newsletters

This hub aggregates every CVE we track for Email subscribers \& newsletters, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Email subscribers \& newsletters.

• CVE-2025-66055WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability7.2Nov 21, 2025
• CVE-2024-12568Email Subscribers < 5.7.45 - Admin+ Stored XSS4.8Jan 13, 2025
• CVE-2024-12567Email Subscribers < 5.7.45 - Admin+ Stored XSS4.8Jan 13, 2025
• CVE-2024-12566Email Subscribers < 5.7.45 - Admin+ Stored XSS4.8Jan 13, 2025
• CVE-2024-11636Email Subscribers < 5.7.45 - Admin+ Stored XSS4.8Jan 13, 2025
• CVE-2024-12311Email Subscribers < 5.7.44 - Admin+ SQL Injection6.5Jan 6, 2025
• CVE-2024-8254Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution5.4Oct 2, 2024
• CVE-2024-8771Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure4.3Sep 26, 2024
• CVE-2024-5703Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization4.3Jul 17, 2024
• CVE-2024-6172Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe9.8Jul 2, 2024
• CVE-2024-37252WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability9.3Jun 26, 2024
• CVE-2024-31352WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability5.3Jun 9, 2024
• CVE-2024-4295Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash9.8Jun 5, 2024
• CVE-2024-22300WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability7.1Mar 27, 2024
• CVE-2022-3981Icegram Express < 5.5.1 - Subscriber+ SQLi8.8Dec 12, 2022