CVE-2021-24941 – Icegram < 2.0.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24941
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue.
• https://wpscan.com/vulnerability/beca7afd-8f03-4909-bea0-77b63513564b
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36832 – WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36832
WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) is vulnerable to authenticated stored Cross-Site Scripting via the "Headline" (&message_data[16][headline]) input.
• https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-plugin-2-0-2-authenticated-stored-cross-site-scripting-xss-vulnerability
• https://wordpress.org/plugins/icegram/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5780 – Email Subscribers & Newsletters <= 4.5.5 - Unauthenticated Email Forgery
https://notcve.org/view.php?id=CVE-2020-5780
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing.
• https://www.tenable.com/security/research/tra-2020-53
• CWE-306: Missing Authentication for Critical Function
• CWE-862: Missing Authorization
CVE-2020-5768 – Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2020-5768
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields.
• https://www.tenable.com/security/research/tra-2020-44-0
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-5767 – Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-5767
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.5.0 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.
• https://www.tenable.com/security/research/tra-2020-44-0
• CWE-352: Cross-Site Request Forgery (CSRF)