Icegram — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting Icegram. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Icegram operates as a cloud-based customer engagement platform, primarily facilitating SMS and voice communication for businesses. Its architecture, which integrates web interfaces with backend APIs, has historically exposed it to a significant volume of security flaws, currently totaling 34 recorded CVEs. The most prevalent vulnerability classes involve Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from inadequate input validation in user-facing components. Additionally, several incidents highlight critical privilege escalation issues, allowing unauthorized users to access administrative functions or sensitive customer data. These defects suggest systemic weaknesses in access control mechanisms and session management within the application’s core logic. While specific major breaches are not widely publicized, the high count of exploitable flaws indicates a need for rigorous code auditing and continuous security monitoring to mitigate risks associated with its communication infrastructure and data handling processes.

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 6.5 | Medium | 2026-03-04 |
| CVE-2025-68507 | WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability — Icegram | CWE-862 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-68038 | WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability — Icegram Express Pro | CWE-502 | 7.2 | High | 2025-12-24 |
| CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-306 | 5.3 | Medium | 2025-12-12 |
| CVE-2025-66055 | WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability — Email Subscribers & Newsletters | CWE-502 | 7.2 | High | 2025-11-21 |
| CVE-2025-12349 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-306 | 5.3 | Medium | 2025-11-19 |
| CVE-2025-49917 | WordPress Icegram Express Pro plugin <= 5.9.5 - Server Side Request Forgery (SSRF) vulnerability — Icegram Express Pro | CWE-918 | 4.4 | Medium | 2025-10-22 |
| CVE-2025-47527 | WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerability — Icegram Collect | CWE-862 | 7.1 | High | 2025-06-09 |
| CVE-2025-24542 | WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability — Icegram | CWE-79 | 6.5 | Medium | 2025-01-24 |
| CVE-2024-39625 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability — Icegram | CWE-862 | 5.3 | Medium | 2024-11-01 |
| CVE-2024-43273 | WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability — Icegram Collect | CWE-862 | 5.4 | Medium | 2024-11-01 |
| CVE-2024-8254 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-94 | 5.4 | Medium | 2024-10-02 |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-862 | 4.3 | Medium | 2024-09-26 |
| CVE-2024-43272 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability — Icegram | CWE-306 | 5.3 | Medium | 2024-08-19 |
| CVE-2024-43344 | WordPress Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA plugin <= 3.1.25 - Cross Site Scripting (XSS) vulnerability — Icegram | CWE-79 | 6.5 | Medium | 2024-08-18 |
| CVE-2024-5703 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-862 | 4.3 | Medium | 2024-07-17 |
| CVE-2024-6172 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 9.8 | Critical | 2024-07-02 |
| CVE-2024-37252 | WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability — Email Subscribers & Newsletters | CWE-89 | 9.3 | Critical | 2024-06-26 |
| CVE-2024-5756 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 9.8 | Critical | 2024-06-21 |
| CVE-2024-4845 | Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 8.8 | High | 2024-06-12 |
| CVE-2024-21748 | WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability — Icegram | CWE-862 | 4.3 | Medium | 2024-06-08 |
| CVE-2024-4295 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 9.8 | Critical | 2024-06-05 |
| CVE-2024-3626 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-862 | 4.3 | Medium | 2024-05-23 |
| CVE-2024-4010 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-862 | 8.8 | High | 2024-05-15 |
| CVE-2024-2876 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-89 | 9.8 | Critical | 2024-05-02 |
| CVE-2024-2656 | Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | CWE-79 | 4.4 | Medium | 2024-04-06 |
| CVE-2024-22300 | WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability — Email Subscribers & Newsletters | CWE-79 | 7.1 | High | 2024-03-27 |
| CVE-2023-51532 | WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS) — Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | CWE-79 | 6.5 | Medium | 2024-02-01 |
| CVE-2023-52119 | WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF) — Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building | CWE-352 | 4.3 | Medium | 2024-01-05 |
| CVE-2022-45810 | WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection — Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce | CWE-1236 | 6.1 | Medium | 2023-11-07 |

This page lists every published CVE security advisory associated with Icegram. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.