EUVD-2025-203070
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...
EUVD-2025-198122
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...
CVE-2025-12349
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...
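The three Missing Authorization entries above share one root cause: an action handler that any logged-in account can reach, with no check that the caller is allowed to perform it. The following is an added example, not Icegram Express code, of a hypothetical WordPress plugin's admin-ajax handler in the vulnerable shape and in the hardened shape (nonce plus capability check). The action names, the `demo_lists` table and `demo_delete_list()` are assumptions for the illustration; the block must be loaded as a plugin to run.

```php
<?php
/**
 * Added illustration, not Icegram Express code: a hypothetical plugin that
 * manages subscriber lists through admin-ajax.php. Both handlers are shown
 * for comparison; only the hardened one should ship.
 */

// --- Vulnerable pattern: missing authorization -----------------------------
// Every authenticated user, subscriber role included, can trigger any
// wp_ajax_* action. Without a capability check this lets any account on the
// site delete a list.
add_action( 'wp_ajax_demo_delete_list_insecure', function () {
    $list_id = isset( $_POST['list_id'] ) ? absint( $_POST['list_id'] ) : 0;
    demo_delete_list( $list_id );            // no nonce, no capability check
    wp_send_json_success( array( 'deleted' => $list_id ) );
} );

// --- Hardened pattern ------------------------------------------------------
add_action( 'wp_ajax_demo_delete_list', function () {
    // 1. CSRF: the request must carry a nonce minted for this exact action.
    //    check_ajax_referer() dies with a -1 response if it is missing or stale.
    check_ajax_referer( 'demo_delete_list', 'nonce' );

    // 2. Authorization: the caller must be allowed to do this. Use the
    //    narrowest capability that fits; 'manage_options' is the usual
    //    choice for plugin administration screens.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input validation comes after the gates, not instead of them.
    $list_id = isset( $_POST['list_id'] ) ? absint( $_POST['list_id'] ) : 0;
    if ( 0 === $list_id ) {
        wp_send_json_error( array( 'message' => 'bad list_id' ), 400 );
    }

    demo_delete_list( $list_id );
    wp_send_json_success( array( 'deleted' => $list_id ) );
} );

// Hypothetical data-access helper; the table name is an assumption.
function demo_delete_list( $list_id ) {
    global $wpdb;
    $wpdb->delete(
        $wpdb->prefix . 'demo_lists',
        array( 'id' => $list_id ),
        array( '%d' )
    );
}
```

The page's JavaScript obtains the nonce from `wp_create_nonce( 'demo_delete_list' )` (for example via `wp_localize_script()`) and sends it as the `nonce` POST field. The nonce alone is not an authorization check: a subscriber can obtain a valid nonce for any action the page exposes, which is why the `current_user_can()` test is the fix the advisories call for.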
EUVD-2025-11516
Malicious code in bioql PyPI...
EUVD-2025-12395
Malicious code in bioql PyPI...
CVE-2023-5414
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
CVE-2022-3981
The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber...
CVE-2025-0671
The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-11924
The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for...
PT-2025-17885 · WordPress · Icegram Express
Name of the Vulnerable Software and Affected Versions: The Icegram Express WordPress plugin versions prior to 5.7.50 Description: The issue concerns the Icegram Express WordPress plugin, which does not properly sanitise and escape some of its Template settings. This could allow high-privilege...
PT-2025-16935 · WordPress · Icegram Express
Name of the Vulnerable Software and Affected Versions: The Icegram Express formerly known as Email Subscribers WordPress plugin versions prior to 5.7.52 Description: The issue concerns the Icegram Express WordPress plugin, which does not properly sanitise and escape some of its settings. This cou...
CVE-2024-12567
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...
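The stored XSS entries above (CVE-2025-0671, CVE-2024-11924, CVE-2024-12567) all describe the same gap: a plugin setting that is saved and echoed without regard to the `unfiltered_html` capability, so that on multisite or on a hardened site, where even administrators are denied that capability, the plugin still lets them store script that runs for every visitor and every other admin. The following is an added example, not the plugin's code, of a hypothetical settings field in both shapes. The option names, the `demo_form_options` group and the render functions are assumptions; the block must be loaded as a plugin to run.

```php
<?php
/**
 * Added illustration, not Icegram Express code: a hypothetical "thank you"
 * HTML setting for a subscription form, registered with register_setting()
 * and rendered on the front end.
 */

// --- Vulnerable pattern ----------------------------------------------------
// No sanitize_callback on save and a raw echo on output. An admin who is
// denied unfiltered_html (the multisite default) can still store <script>,
// because the plugin never asks WordPress what that user may store.
add_action( 'admin_init', function () {
    register_setting( 'demo_form_options', 'demo_thankyou_html_insecure' );
} );
function demo_render_thankyou_insecure() {
    echo get_option( 'demo_thankyou_html_insecure', '' );
}

// --- Hardened pattern ------------------------------------------------------
// Sanitize on save according to what the saving user is allowed to store,
// and escape again on output.
add_action( 'admin_init', function () {
    register_setting( 'demo_form_options', 'demo_thankyou_html', array(
        'type'              => 'string',
        'sanitize_callback' => 'demo_sanitize_thankyou_html',
        'default'           => '',
    ) );
} );

function demo_sanitize_thankyou_html( $value ) {
    $value = (string) $value;
    // Users holding unfiltered_html may legitimately store arbitrary markup;
    // everyone else is limited to the post-content allow-list, which drops
    // <script>, on* event handlers and javascript: URLs.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}

function demo_render_thankyou() {
    // Escape on output as well: the option may have been written by an older
    // plugin version without the callback, or inserted into the database by
    // another path that bypassed register_setting().
    echo wp_kses_post( get_option( 'demo_thankyou_html', '' ) );
}

// Settings that are plain text (a sender name, a subject line) should never
// carry HTML at all: sanitize_text_field() on save, esc_html()/esc_attr()
// on output, depending on where the value lands.
function demo_render_sender_name() {
    echo esc_html( get_option( 'demo_sender_name', '' ) );
}
```

The check in `demo_sanitize_thankyou_html()` is the one WordPress core applies to post content: `wp_kses_post()` is skipped only for users who hold `unfiltered_html`. A plugin that stores HTML without making the same distinction reintroduces exactly the privilege the site owner removed.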
CVE-2024-6172
CVE-2024-6172 affects the Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin. Root cause: insufficient escaping and inadequate query preparation on the db parameter; enables time-based SQL injection. Affected versions: all up to 5.7....
CVE-2024-4845
The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘optionslistid’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
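CVE-2022-3981, CVE-2024-6172 and CVE-2024-4845 above are each summarised the same way: a request parameter reaches a SQL statement with insufficient escaping and no query preparation. The following is an added example, not plugin code, that shows the vulnerable and the prepared shape side by side on a constructed table. It uses PDO with an in-memory SQLite database so that it runs stand-alone (PHP with the pdo_sqlite extension); the `lists` table, its rows and the function names are assumptions for the demo, and the comment gives the `$wpdb->prepare()` equivalent a WordPress plugin would use.

```php
<?php
/**
 * Added illustration, not Icegram Express code, of the SQL injection root
 * cause named in the entries above: a user-supplied value concatenated into
 * the SQL text. Runs stand-alone with pdo_sqlite; the table is constructed.
 */

$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( 'CREATE TABLE lists (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)' );
$db->exec( "INSERT INTO lists VALUES (1,'Newsletter','alice'), (2,'Internal','bob'), (3,'VIP','carol')" );

// Vulnerable: the raw request value becomes part of the SQL text, so whoever
// controls $list_id also controls the WHERE clause. Boolean payloads leak
// rows; time-based payloads (SLEEP() on MySQL) ride the same hole.
function find_list_vulnerable( PDO $db, $list_id ) {
    $sql = "SELECT id, name, owner FROM lists WHERE id = " . $list_id;
    return $db->query( $sql )->fetchAll( PDO::FETCH_ASSOC );
}

// Hardened: the value is bound as a typed parameter and is never parsed as
// SQL. The WordPress equivalent of this function body is
//   $wpdb->get_results( $wpdb->prepare( "SELECT ... WHERE id = %d", $list_id ) );
function find_list_prepared( PDO $db, $list_id ) {
    $stmt = $db->prepare( 'SELECT id, name, owner FROM lists WHERE id = :id' );
    $stmt->bindValue( ':id', (int) $list_id, PDO::PARAM_INT );
    $stmt->execute();
    return $stmt->fetchAll( PDO::FETCH_ASSOC );
}

$benign  = '2';
$payload = '2 OR 1=1';   // constructed boolean-based payload

printf( "vulnerable, benign : %d row(s)\n", count( find_list_vulnerable( $db, $benign ) ) );
printf( "vulnerable, payload: %d row(s)\n", count( find_list_vulnerable( $db, $payload ) ) );
printf( "prepared,   payload: %d row(s)\n", count( find_list_prepared( $db, $payload ) ) );
```

With the payload, the concatenating function returns every row of the table, while the prepared one returns only list 2, because the string is cast to an integer before the engine sees it. `$wpdb->prepare()` with `%d` performs the same cast; with `%s` it quotes and escapes the value, which is the fix for string-typed parameters. Note that `esc_sql()` on its own is not a substitute: the advisories above describe values that were "escaped" insufficiently, and only a prepared query removes the parameter from the SQL grammar entirely.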
WordPress Icegram Express plugin <= 5.7.15 - Authenticated (Administrator+) Cross-Site Scripting via CSV import vulnerability
Authenticated (Administrator+) Cross-Site Scripting via CSV import vulnerability discovered by Peter17 in WordPress Plugin Email Subscribers & Newsletters versions <= 5.7.15...
CVE-2024-22300 WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11...
CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
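CVE-2023-5414 (listed twice above) describes a log-viewing function that lets an administrator read arbitrary files by supplying path segments that walk out of the intended directory. The following is an added example, not the plugin's `showeslogs` code, of a hypothetical "show log" handler in the vulnerable shape and with a resolved-path containment check. It runs stand-alone: it creates a temporary log directory with one constructed log file, exercises both functions, and cleans up. The directory and file names are assumptions for the demo.

```php
<?php
/**
 * Added illustration, not Icegram Express code, of the directory traversal
 * pattern described above: a file name from the request is joined onto a
 * base directory. Runs stand-alone; the log directory is constructed here.
 */

$log_dir = sys_get_temp_dir() . '/demo-plugin-logs-' . getmypid();
mkdir( $log_dir, 0700 );
file_put_contents( $log_dir . '/mail.log', "2025-01-01 sent 3 messages\n" );

// Vulnerable: the name is appended as-is, so "../" segments walk out of the
// log directory and any file the web server user can read is returned
// (wp-config.php with the database credentials being the usual target).
function show_log_vulnerable( $log_dir, $name ) {
    return @file_get_contents( $log_dir . '/' . $name );
}

// Hardened: canonicalise both paths with realpath(), which also resolves
// symlinks, and require the target to be a regular file strictly inside the
// base directory. Filtering "../" out of the string is bypassable; comparing
// resolved paths is not.
function show_log_safe( $log_dir, $name ) {
    $base   = realpath( $log_dir );
    $target = realpath( $log_dir . '/' . $name );
    if ( false === $base || false === $target || ! is_file( $target ) ) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ( strncmp( $target, $prefix, strlen( $prefix ) ) !== 0 ) {
        return false;   // resolved path lies outside the log directory
    }
    return file_get_contents( $target );
}

$benign    = 'mail.log';
$traversal = '../../../../../../etc/passwd';   // constructed traversal input

var_dump( show_log_vulnerable( $log_dir, $benign ) !== false );
var_dump( show_log_vulnerable( $log_dir, $traversal ) !== false );
var_dump( show_log_safe( $log_dir, $traversal ) );

unlink( $log_dir . '/mail.log' );
rmdir( $log_dir );
```

On a typical Linux host the vulnerable function returns `/etc/passwd` for the traversal input because realpath semantics let extra `..` segments collapse at the filesystem root, whereas the hardened function rejects it. In a WordPress plugin the same containment check belongs in front of any `file_get_contents()` or `readfile()` fed from `$_GET`/`$_POST`, in addition to the capability check that limits the handler to administrators.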