Icegram Engage

icegram_engage

Vendor: Icegram • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13486 1Icegram 1Icegram Engage May 28, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi...Show more The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-13482 1Icegram 1Icegram Engage May 28, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi...Show more The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-12302 1Icegram 1Icegram Engage May 14, 2025 Jan 6, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks
CVE-2023-51532 1Icegram 1Icegram Engage Apr 28, 2026 Feb 1, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored X...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19.Show less
CVE-2023-52119 1Icegram 1Icegram Engage Apr 28, 2026 Jan 5, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Pop...Show more Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18.Show less
CVE-2023-2398 1Icegram 1Icegram Engage Nov 21, 2024 Jun 12, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such a...Show more The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2021-36832 1Icegram 1Icegram Engage Nov 21, 2024 Oct 19, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input.
CVE-2016-10963 1Icegram 1Icegram Engage Nov 21, 2024 Sep 16, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The icegram plugin before 1.9.19 for WordPress has XSS.
CVE-2016-10962 1Icegram 1Icegram Engage Nov 21, 2024 Sep 16, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
CVE-2019-15830 1Icegram 1Icegram Engage Nov 21, 2024 Aug 30, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.