CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45810 – WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-45810
Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de CSV File en Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce. Este problema afecta a Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: desde n/a hasta 5.5. 2. The Icegram Express plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 5.5.2. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. • https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25024 – WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-25024
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions. The Icegram Collect plugin for WordPress is vulnerable to Cross-Site Scripting via the 'rainmaker_form' shortcode in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/icegram-rainmaker/wordpress-icegram-collect-easy-form-lead-collection-and-subscription-plugin-plugin-1-3-8-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24941 – Icegram < 2.0.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24941
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue El plugin Popups, Welcome Bar, Optins and Lead Generation de WordPress versiones anteriores a 2.0.5, no sanea ni escapa del parámetro message_id de la acción AJAX get_message_action_row antes de devolverlo a un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitize and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue • https://wpscan.com/vulnerability/beca7afd-8f03-4909-bea0-77b63513564b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36832 – WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36832
WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input. El plugin Popups, Welcome Bar, Optins and Lead Generation de WordPress – Icegram (versiones anteriores a 2.0.2 incluyéndola) es vulnerable en la entrada "Headline" (&message_data[16][headline]) • https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-plugin-2-0-2-authenticated-stored-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/icegram/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15830 – Icegram <= 1.10.28.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15830
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. El Plugin icegram anterior a la versión 1.10.29 for WordPress tiene ig_cat_list XSS. • https://blog.sucuri.net/2019/07/icegram-persistent-cross-site-scripting.html https://wordpress.org/plugins/icegram/#developers https://wpvulndb.com/vulnerabilities/9440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •