Vulnerabilities > Icegram

DATE CVE VULNERABILITY TITLE RISK
2020-07-17 CVE-2020-5767 Cross-Site Request Forgery (CSRF) vulnerability in Icegram Email Subscribers & Newsletters 4.4.8
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.
network
low complexity
icegram CWE-352
6.5
6.5
2020-01-08 CVE-2019-20361 SQL Injection vulnerability in Icegram Email Subscribers & Newsletters
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
network
low complexity
icegram CWE-89
critical
 9.8
9.8
2019-12-26 CVE-2019-19985 Missing Authorization vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
network
low complexity
icegram CWE-862
5.3
5.3
2019-12-26 CVE-2019-19984 Incorrect Authorization vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
network
low complexity
icegram CWE-863
6.3
6.3
2019-12-26 CVE-2019-19982 Improper Authentication vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation.
network
low complexity
icegram CWE-287
5.3
5.3
2019-12-26 CVE-2019-19981 Cross-Site Request Forgery (CSRF) vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.
network
low complexity
icegram CWE-352
5.4
5.4
2019-12-26 CVE-2019-19980 Unspecified vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator.
network
low complexity
icegram
4.3
4.3
2019-09-16 CVE-2016-10963 Cross-site Scripting vulnerability in Icegram Engage
The icegram plugin before 1.9.19 for WordPress has XSS.
network
low complexity
icegram CWE-79
6.1
6.1
2019-09-16 CVE-2016-10962 Cross-Site Request Forgery (CSRF) vulnerability in Icegram Engage
The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
network
low complexity
icegram CWE-352
6.5
6.5
2019-08-30 CVE-2019-15830 Cross-site Scripting vulnerability in Icegram Engage
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.
network
low complexity
icegram CWE-79
5.4
5.4