| CVE-2024-43273 | WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability | icegram | Icegram Collect | Medium | 5.4 | 2024-11-01 14:17:33 | Deep Dive |
| CVE-2024-8254 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.4 | 2024-10-02 06:46:02 | Deep Dive |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-09-26 15:30:34 | Deep Dive |
| CVE-2024-43272 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability | icegram | Icegram | Medium | 5.3 | 2024-08-19 17:43:36 | Deep Dive |
| CVE-2024-43344 | WordPress Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA plugin <= 3.1.25 - Cross Site Scripting (XSS) vulnerability | Icegram | Icegram | Medium | 6.5 | 2024-08-18 13:20:05 | Deep Dive |
| CVE-2024-5703 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-07-17 07:32:19 | Deep Dive |
| CVE-2024-6172 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-07-02 06:49:43 | Deep Dive |
| CVE-2024-37252 | WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability | Icegram | Email Subscribers & Newsletters | Critical | 9.3 | 2024-06-26 10:13:48 | Deep Dive |
| CVE-2024-5756 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-06-21 04:34:11 | Deep Dive |
| CVE-2024-4845 | Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | High | 8.8 | 2024-06-12 09:33:12 | Deep Dive |
| CVE-2024-21748 | WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability | Icegram | Icegram | Medium | 4.3 | 2024-06-08 16:14:03 | Deep Dive |
| CVE-2024-4295 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-06-05 05:33:06 | Deep Dive |
| CVE-2024-3626 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-05-23 05:32:15 | Deep Dive |
| CVE-2024-4010 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | High | 8.8 | 2024-05-15 08:34:13 | Deep Dive |
| CVE-2024-2876 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-05-02 16:52:46 | Deep Dive |
| CVE-2024-2656 | Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.4 | 2024-04-06 03:24:43 | Deep Dive |
| CVE-2024-22300 | WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability | Icegram | Email Subscribers & Newsletters | High | 7.1 | 2024-03-27 05:56:52 | Deep Dive |
| CVE-2023-51532 | WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS) | Icegram | Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | Medium | 6.5 | 2024-02-01 11:00:08 | Deep Dive |
| CVE-2023-52119 | WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF) | Icegram | Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | Medium | 4.3 | 2024-01-05 09:28:10 | Deep Dive |
| CVE-2022-45810 | WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection | Icegram | Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce | 超危 | - | 2023-11-07 16:50:04 | Deep Dive |