High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-05	CVE-2023-52119	Cross-Site Request Forgery (CSRF) vulnerability in Icegram Engage Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. network low complexity icegram CWE-352	8.8
2023-10-20	CVE-2023-5414	Path Traversal vulnerability in Icegram Express The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. network low complexity icegram CWE-22	7.2
2022-12-12	CVE-2022-3981	Unspecified vulnerability in Icegram Email Subscribers & Newsletters The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber network low complexity icegram	8.8
2022-03-07	CVE-2022-0439	SQL Injection vulnerability in Icegram Email Subscribers & Newsletters The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. network low complexity icegram CWE-89	8.8
2018-01-26	CVE-2018-6015	Information Exposure vulnerability in Icegram Email Subscribers & Newsletters An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. network low complexity icegram CWE-200	7.5