
CVE-2025-47527 – WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-47527
04 Jun 2025 — Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18. The Icegram Collect – Easy Form, Lead Collection and Subscription plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and inc... • https://patchstack.com/database/wordpress/plugin/icegram-rainmaker/vulnerability/wordpress-icegram-collect-easy-form-lead-collection-and-subscription-plugin-1-3-18-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2025-24542 – WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24542
24 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icegram Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.31. The Icegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will... • https://patchstack.com/database/wordpress/plugin/icegram/vulnerability/wordpress-icegram-engage-plugin-3-1-31-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43344 – WordPress Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA plugin <= 3.1.25 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43344
16 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Icegram allows Stored XSS. This issue affects Icegram: from n/a through 3.1.25. The Icegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will e... • https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-ultimate-wp-popup-builder-lead-generation-optins-and-cta-plugin-3-1-25-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-43272 – WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability
https://notcve.org/view.php?id=CVE-2024-43272
12 Aug 2024 — Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Icegram: from n/a through 3.1.24. The Icegram plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the display_messages() function in versions up to, and including, 3.1.24. This makes it possible for unauthenticated attackers to preview campaigns • https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-24-unauthenticated-unpublished-campaign-viewer-vulnerability?_s_id=cve • CWE-306: Missing Authentication for Critical Function; CWE-862: Missing Authorization

CVE-2024-43273 – WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43273
12 Aug 2024 — Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect plugin: from n/a through 1.3.14. The Icegram Collect – Easy Form, Lead Collection and Subscription plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the disconnect_campaignmonitor() function, along with a few others, in versions up to, and including, 1.3.14. This makes it possible f... • https://patchstack.com/database/vulnerability/icegram-rainmaker/wordpress-icegram-collect-easy-form-lead-collection-and-subscription-plugin-plugin-1-3-14-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2024-39625 – WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability
https://notcve.org/view.php?id=CVE-2024-39625
22 Jul 2024 — Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Icegram: from n/a through 3.1.24. The Icegram plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_message() function in versions up to, and including, 3.1.24. This makes it possible for unauthenticated attackers to duplicate messages. • https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-24-unauthenticated-message-duplication-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2024-4845 – Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id]
https://notcve.org/view.php?id=CVE-2024-4845
11 Jun 2024 — The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. ... • https://plugins.trac.wordpress.org/changeset/3098321/email-subscribers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-21748 – WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-21748
05 Jan 2024 — Missing Authorization vulnerability in Icegram. This issue affects Icegram: from n/a through 3.1.21. The Icegram plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.1.21. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2023-52119 – WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52119
28 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. ... • https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-18-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-51532 – WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51532
27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS. This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19. ... • https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-19-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')