CVE-2025-12349 – Email Subscribers & Newsletters

CVE ID : CVE-2025-12349

Published : Nov. 19, 2025, 4:28 a.m. | 37 minutes ago

Description : The Icegram Express – Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `trigger_mailing_queue_sending` function. This makes it possible for unauthenticated attackers to force immediate email sending, bypass the schedule, increase server load, and change plugin state (e.g., last-cron-hit), enabling abuse or DoS-like effects.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…