Icegram Icegram Engage — known CVE vulnerabilities
Every CVE whose affected-product data names Icegram Icegram Engage, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2016-10962 — CVSS 6.5 (medium): The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
CVE-2023-51532 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress…
CVE-2024-12302 — CVSS 6.1 (medium): The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and…
CVE-2023-2398 — CVSS 6.1 (medium): The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a…
CVE-2024-13486 — CVSS 4.8 (medium): The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-13482 — CVSS 4.8 (medium): The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2021-36832 — CVSS 4.8 (medium): WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline"…