Icegram Express Security Vulnerabilities and Issues — Icegram Express CVE List

Lucene search

IcegramIcegram Express

8 matches found

CVE•added 2023/10/20 7:15 a.m.•82 views

CVE-2023-5414

The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including th...

9.1CVSS6.8AI score0.02089EPSS

CVE•added 2023/11/07 5:15 p.m.•80 views

CVE-2022-45810

Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through...

9.8CVSS9.6AI score0.00692EPSS

CVE•added 2022/12/12 6:15 p.m.•55 views

CVE-2022-3981

The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber

8.8CVSS8.9AI score0.00218EPSS

CVE•added 2024/06/08 5:15 p.m.•54 views

CVE-2024-21748

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

5.4CVSS4.9AI score0.00079EPSS

CVE•added 2024/06/12 10:15 a.m.•50 views

CVE-2024-4845

The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible ...

8.8CVSS8.7AI score0.00486EPSS

CVE•added 2025/04/17 6:15 a.m.•46 views

CVE-2024-11924

The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e...

3.5CVSS5.4AI score0.00046EPSS

CVE•added 2024/06/21 5:15 a.m.•46 views

CVE-2024-5756

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied paramete...

9.8CVSS9.7AI score0.01097EPSS

CVE•added 2025/04/25 6:15 a.m.•45 views

CVE-2025-0671

The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

6.1CVSS5.4AI score0.00051EPSS