Icegram Icegram Express — known CVE vulnerabilities
Every CVE whose affected-product data names Icegram Icegram Express, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-5756 — CVSS 9.8 (critical): The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is…
CVE-2023-5414 — CVSS 9.1 (critical): The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs…
CVE-2024-4845 — CVSS 8.8 (high): The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and…
CVE-2025-0671 — CVSS 6.1 (medium): The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high…
CVE-2022-45810 — CVSS 4.7 (medium): Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and…
CVE-2024-11924 — CVSS 3.5 (low): The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings…