Browse all 34 CVE security advisories affecting icegram. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Icegram operates as a cloud-based customer engagement platform, primarily facilitating SMS and voice communication for businesses. Its architecture, which integrates web interfaces with backend APIs, has historically exposed it to a significant volume of security flaws, currently totaling 34 recorded CVEs. The most prevalent vulnerability classes involve Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from inadequate input validation in user-facing components. Additionally, several incidents highlight critical privilege escalation issues, allowing unauthorized users to access administrative functions or sensitive customer data. These defects suggest systemic weaknesses in access control mechanisms and session management within the application’s core logic. While specific major breaches are not widely publicized, the high count of exploitable flaws indicates a need for rigorous code auditing and continuous security monitoring to mitigate risks associated with its communication infrastructure and data handling processes.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-47527 | WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerability | Icegram Collect | CWE-862 | 7.1 | High | 2025-06-09 |
| CVE-2024-43273 | WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability | Icegram Collect | CWE-862 | 5.4 | Medium | 2024-11-01 |
| CVE-2023-25024 | WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS) | Icegram Collect | CWE-79 | 5.9 | Medium | 2023-04-07 |

This page lists every published CVE security advisory associated with icegram. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.