Browse all 34 CVE security advisories affecting Icegram. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Icegram operates as a cloud-based customer engagement platform, primarily facilitating SMS and voice communication for businesses. Its architecture, which integrates web interfaces with backend APIs, has historically exposed it to a significant volume of security flaws, currently totaling 34 recorded CVEs. The most prevalent vulnerability classes involve Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from inadequate input validation in user-facing components. Additionally, several incidents highlight critical privilege escalation issues, allowing unauthorized users to access administrative functions or sensitive customer data. These defects suggest systemic weaknesses in access control mechanisms and session management within the application’s core logic. While specific major breaches are not widely publicized, the high count of exploitable flaws indicates a need for rigorous code auditing and continuous security monitoring to mitigate risks associated with its communication infrastructure and data handling processes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-5414 | Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read — Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress (CWE-22) | 9.1 | Critical | 2023-10-20 |
| CVE-2023-25024 | WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS) — Icegram Collect (CWE-79) | 5.9 | Medium | 2023-04-07 |
| CVE-2021-36832 | WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (CWE-79) | 4.8 | Medium | 2021-10-19 |
| CVE-2018-0602 | WordPress Email Subscribers & Newsletters Cross-Site Scripting Vulnerability — Email Subscribers & Newsletters | 6.1 | - | 2018-06-26 |
This page lists every published CVE security advisory associated with Icegram. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.