CVE-2024-8771

Summary

CVE-2024-8771 is a vulnerability affecting the Email Subscribers by Icegram Express plugin for WordPress and WooCommerce. This issue allows authenticated attackers, with Subscriber-level access and above, to gain unauthorized access to sensitive data. The vulnerability is caused by a missing capability check in the 'preview_email_template_design' function, found in all versions up to 5.7.34. As a consequence, attackers can extract the content of private, password protected, pending, and draft posts and pages. This poses a significant risk to website security and data confidentiality. It is highly recommended that users update to the latest version of the plugin to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.