CVE-2025-68507 WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through = 3.1.35...

CVE-2025-68507

CVE-2025-68507 : Missing Authorization in Icegram Engage (WordPress plugin) allows an unauthenticated attacker to exploit incorrectly configured access control. The vulnerability affects Icegram Engage up to and including version 3.1.35. Red Hat and CVE records corroborate the issue and its affec...

WordPress plugin Icegram has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2016-10963

The icegram plugin before 1.9.19 for WordPress has XSS...

WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Icegram versions = 3.1.35...

CVE-2024-3626

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including, 5.7.17. This...

CVE-2020-5780

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing...

CVE-2019-13569

A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVE-2019-15830

The icegram plugin before 1.10.29 for WordPress has igcatlist XSS...

CVE-2016-10962

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php optionname parameter...

WordPress Icegram Engage plugin < 3.1.32 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Icegram versions 3.1.32...

CVE-2024-5703

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated...

WordPress plugin Icegram security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2023-51532 WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder...

CVE-2023-52119 WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18...

WordPress Icegram Plugin <= 3.1.21 is vulnerable to Broken Access Control

Software Icegram Type Plugin Vulnerable versions = 3.1.21 Fixed in 3.1.22 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-21748 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 81671ed8c65a Credits Huynh Tien Si Required privilege...

WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF)

Software Icegram Type Plugin Vulnerable versions = 3.1.18 Fixed in 3.1.19 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52119 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 10fea57749dc Credits Brandon Roldan Required...

WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS)

Software Icegram Type Plugin Vulnerable versions = 3.1.19 Fixed in 3.1.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51532 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID eac57c24cf8c Credits Huynh Tien Si Required privilege Contributor...

WordPress Icegram plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. icegram is a subscription plugin used in it. WordPress plugin is an...

WordPress plugin Icegram 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. icegram is a subscription plugin used in it. WordPress plugin is an...