Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icegram icegram vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-52119
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building:...
Icegram Icegram Engage
NA
CVE-2024-4295
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exi...
Icegram Email Subscribers & Newsletters
1 Github repository
356
VMScore
CVE-2019-19980
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugi...
Icegram Email Subscribers & Newsletters
383
VMScore
CVE-2019-19981
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.
Icegram Email Subscribers & Newsletters
578
VMScore
CVE-2019-19984
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
Icegram Email Subscribers & Newsletters
445
VMScore
CVE-2019-19985
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
Icegram Email Subscribers & Newsletters
1 Github repository
668
VMScore
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters prior to 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Icegram Email Subscribers & Newsletters
1 Github repository
890
VMScore
CVE-2019-13569
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin up to and including 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system.
Icegram Email Subscribers & Newsletters
445
VMScore
CVE-2020-5780
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated malicious user to conduct unauthenticated email forgery/spoofing.
Icegram Email Subscribers & Newsletters
445
VMScore
CVE-2018-6015
An issue exists in the "Email Subscribers & Newsletters" plugin prior to 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscr...
Icegram Email Subscribers & Newsletters
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »