icegram — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting icegram. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID | Title — Product | CWE | CVSS | Severity | Published
CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 6.5 | Medium | 2026-03-04
CVE-2025-68507 | WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability — Icegram | CWE-862 | 6.5 | Medium | 2026-01-22
CVE-2025-68038 | WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability — Icegram Express Pro | CWE-502 | 7.2 | High | 2025-12-24
CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-306 | 5.3 | Medium | 2025-12-12
CVE-2025-66055 | WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability — Email Subscribers & Newsletters | CWE-502 | 8.8 | - | 2025-11-21
CVE-2025-12349 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-306 | 5.3 | Medium | 2025-11-19
CVE-2025-49917 | WordPress Icegram Express Pro plugin <= 5.9.5 - Server Side Request Forgery (SSRF) vulnerability — Icegram Express Pro | CWE-918 | 8.1 (AI) | High (AI) | 2025-10-22
CVE-2025-47527 | WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerability — Icegram Collect | CWE-862 | 7.1 | High | 2025-06-09
CVE-2025-24542 | WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability — Icegram | CWE-79 | 6.5 | Medium | 2025-01-24
CVE-2024-39625 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability — Icegram | CWE-862 | 5.3 | Medium | 2024-11-01
CVE-2024-43273 | WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability — Icegram Collect | CWE-862 | 5.4 | Medium | 2024-11-01
CVE-2024-8254 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-94 | 5.4 | Medium | 2024-10-02
CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-862 | 4.3 | Medium | 2024-09-26
CVE-2024-43272 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability — Icegram | CWE-306 | 5.3 | Medium | 2024-08-19
CVE-2024-43344 | WordPress Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA plugin <= 3.1.25 - Cross Site Scripting (XSS) vulnerability — Icegram | CWE-79 | 6.5 | Medium | 2024-08-18
CVE-2024-5703 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-862 | 4.3 | Medium | 2024-07-17
CVE-2024-6172 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 9.8 | Critical | 2024-07-02
CVE-2024-37252 | WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability — Email Subscribers & Newsletters | CWE-89 | 9.3 | Critical | 2024-06-26
CVE-2024-5756 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 9.8 | Critical | 2024-06-21
CVE-2024-4845 | Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 8.8 | High | 2024-06-12
CVE-2024-21748 | WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability — Icegram | CWE-862 | 4.3 | Medium | 2024-06-08
CVE-2024-4295 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 9.8 | Critical | 2024-06-05
CVE-2024-3626 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-862 | 4.3 | Medium | 2024-05-23
CVE-2024-4010 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-862 | 8.8 | High | 2024-05-15
CVE-2024-2876 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 9.8 | Critical | 2024-05-02
CVE-2024-2656 | Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-79 | 4.4 | Medium | 2024-04-06
CVE-2024-22300 | WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability — Email Subscribers & Newsletters | CWE-79 | 7.1 | High | 2024-03-27
CVE-2023-51532 | WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS) — Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | CWE-79 | 6.5 | Medium | 2024-02-01
CVE-2023-52119 | WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF) — Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | CWE-352 | 4.3 | Medium | 2024-01-05
CVE-2022-45810 | WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection — Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce | CWE-1236 | 8.0 | - | 2023-11-07

This page lists every published CVE security advisory associated with icegram. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.