🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building

Information

Software Type	Plugin
Software Slug	icegram (view on wordpress.org)
Software Status	Active
Software Author	icegram
Software Website	www.icegram.com
Software Downloads	2,263,168
Software Active Installs	20,000
Software Record Last Updated	May 11, 2024

10 Vulnerabilities

Icegram <= 3.1.21 - Missing Authorization

4.3

CVE-2024-21748

Jan 5, 2024

Researcher: Huynh Tien Si

Icegram <= 3.1.18 - Cross-Site Request Forgery via save_campaign_preview

4.3

CVE-2023-52119

Dec 28, 2023

Researcher: Brandon James Roldan (tomorrowisnew)

Icegram <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Message

6.4

CVE-2023-51532

Dec 27, 2023

Researcher: Huynh Tien Si

Icegram Engage <= 3.1.11 - Reflected Cross-Site Scripting

6.1

CVE-2023-2398

May 22, 2023

Researcher: Erwan LR

Icegram Engage <= 2.1.7 - Cross-Site Scripting

6.1

CVE-2022-1776

May 30, 2022

Researcher: Pritam Dash

Icegram <= 2.0.4 - Reflected Cross-Site Scripting via message_id

6.1

CVE-2021-24941

Nov 22, 2021

Researcher: ZhongFu Su

Icegram <= 2.0.2 - Authenticated Stored Cross-Site Scripting

4.8

CVE-2021-36832

Aug 17, 2021

Researcher: Asif Nawaz Minhas

Icegram <= 1.10.28.2 - Cross-Site Scripting

6.4

CVE-2019-15830

Jul 9, 2019

Researcher: John Castro

Icegram <= 1.9.18 - Cross-Site Request Forgery

8.8

CVE-2016-10962

Jul 19, 2016

Researcher: Yorick Koster,

Icegram <= 1.9.18 - Cross-Site Scripting

6.1

CVE-2016-10963

Jul 19, 2016

Researchers:

Title	CVE ID	CVSS	Researchers	Date
Icegram <= 3.1.21 - Missing Authorization	CVE-2024-21748	4.3	Huynh Tien Si	January 5, 2024
Icegram <= 3.1.18 - Cross-Site Request Forgery via save_campaign_preview	CVE-2023-52119	4.3	Brandon James Roldan (tomorrowisnew)	December 28, 2023
Icegram <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Message	CVE-2023-51532	6.4	Huynh Tien Si	December 27, 2023
Icegram Engage <= 3.1.11 - Reflected Cross-Site Scripting	CVE-2023-2398	6.1	Erwan LR	May 22, 2023
Icegram Engage <= 2.1.7 - Cross-Site Scripting	CVE-2022-1776	6.1	Pritam Dash	May 30, 2022
Icegram <= 2.0.4 - Reflected Cross-Site Scripting via message_id	CVE-2021-24941	6.1	ZhongFu Su	November 22, 2021
Icegram <= 2.0.2 - Authenticated Stored Cross-Site Scripting	CVE-2021-36832	4.8	Asif Nawaz Minhas	August 17, 2021
Icegram <= 1.10.28.2 - Cross-Site Scripting	CVE-2019-15830	6.4	John Castro	July 9, 2019
Icegram <= 1.9.18 - Cross-Site Request Forgery	CVE-2016-10962	8.8	Yorick Koster,	July 19, 2016
Icegram <= 1.9.18 - Cross-Site Scripting	CVE-2016-10963	6.1		July 19, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation