Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

icegram — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting icegram. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Icegram operates as a cloud-based customer engagement platform, primarily facilitating SMS and voice communication for businesses. Its architecture, which integrates web interfaces with backend APIs, has historically exposed it to a significant volume of security flaws, currently totaling 34 recorded CVEs. The most prevalent vulnerability classes involve Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from inadequate input validation in user-facing components. Additionally, several incidents highlight critical privilege escalation issues, allowing unauthorized users to access administrative functions or sensitive customer data. These defects suggest systemic weaknesses in access control mechanisms and session management within the application’s core logic. While specific major breaches are not widely publicized, the high count of exploitable flaws indicates a need for rigorous code auditing and continuous security monitoring to mitigate risks associated with its communication infrastructure and data handling processes.

Found 6 results / 34Clear Filters
Top products by icegram: Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress Icegram Email Subscribers & Newsletters Icegram Collect Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building Icegram Express Pro Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2025-68507 WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability — IcegramCWE-862 6.5 Medium2026-01-22
CVE-2025-24542 WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability — IcegramCWE-79 6.5 Medium2025-01-24
CVE-2024-39625 WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability — IcegramCWE-862 5.3 Medium2024-11-01
CVE-2024-43272 WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Unpublished Campaign Viewer vulnerability — IcegramCWE-306 5.3 Medium2024-08-19
CVE-2024-43344 WordPress Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA plugin <= 3.1.25 - Cross Site Scripting (XSS) vulnerability — IcegramCWE-79 6.5 Medium2024-08-18
CVE-2024-21748 WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability — IcegramCWE-862 4.3 Medium2024-06-08

This page lists every published CVE security advisory associated with icegram. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.