CVE-2025-68507 WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through = 3.1.35...

WordPress Icegram Engage plugin < 3.1.32 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Icegram versions 3.1.32...

CVE-2024-39625 WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability

Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24...

WordPress Icegram Express plugin <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] vulnerability

Authenticated Subscriber+ SQL Injection Vulnerability via optionslistid vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.22...

CVE-2023-52119 WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18...

WordPress Icegram Plugin <= 3.1.21 is vulnerable to Broken Access Control

Software Icegram Type Plugin Vulnerable versions = 3.1.21 Fixed in 3.1.22 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-21748 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 81671ed8c65a Credits Huynh Tien Si Required privilege...

WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF)

Software Icegram Type Plugin Vulnerable versions = 3.1.18 Fixed in 3.1.19 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52119 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 10fea57749dc Credits Brandon Roldan Required...

WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS)

Software Icegram Type Plugin Vulnerable versions = 3.1.19 Fixed in 3.1.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51532 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID eac57c24cf8c Credits Huynh Tien Si Required privilege Contributor...

CVE-2023-25024 WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Icegram Icegram Collect plugin = 1.3.8 versions...

CVE-2021-36832

WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram versions = 2.0.2 vulnerable at "Headline" &messagedata16headline input...