The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber
8.8CVSS
8.8AI Score
0.001EPSS
Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express β Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express β Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through...
9.8CVSS
9.4AI Score
0.001EPSS
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including th...
9.1CVSS
6.8AI Score
0.001EPSS
Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.
5.4CVSS
4.7AI Score
0.0004EPSS
The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the βoptions[list_id]β parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible ...
8.8CVSS
8.7AI Score
0.001EPSS
The Email Subscribers by Icegram Express β Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied paramete...
9.8CVSS
9.7AI Score
0.001EPSS