Vulnerabilities > Icegram

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-51532 Cross-site Scripting vulnerability in Icegram Engage
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19.
network
low complexity
icegram CWE-79
5.4
2024-01-05 CVE-2023-52119 Cross-Site Request Forgery (CSRF) vulnerability in Icegram Engage
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18.
network
low complexity
icegram CWE-352
8.8
2023-11-07 CVE-2022-45810 Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Express
Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2.
network
low complexity
icegram CWE-1236
critical
9.8
2023-10-20 CVE-2023-5414 Path Traversal vulnerability in Icegram Express
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function.
network
low complexity
icegram CWE-22
7.2
2023-06-12 CVE-2023-2398 Unspecified vulnerability in Icegram Engage
The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
icegram
6.1
2023-04-07 CVE-2023-25024 Cross-site Scripting vulnerability in Icegram Collect
Auth.
network
low complexity
icegram CWE-79
4.8
2022-12-12 CVE-2022-3981 Unspecified vulnerability in Icegram Email Subscribers & Newsletters
The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber
network
low complexity
icegram
8.8
2022-06-27 CVE-2022-1776 Cross-site Scripting vulnerability in Icegram Popups, Welcome Bar, Optins and Lead Generation Plugin
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
network
icegram CWE-79
3.5
2022-03-07 CVE-2022-0439 SQL Injection vulnerability in Icegram Email Subscribers & Newsletters
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber.
network
low complexity
icegram CWE-89
8.8
2021-12-21 CVE-2021-24941 Cross-site Scripting vulnerability in Icegram
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue
network
icegram CWE-79
4.3