cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2024-12302,https://securityvulnerability.io/vulnerability/CVE-2024-12302,Stored Cross-Site Scripting Vulnerability in Icegram Engage WordPress Plugin,"The Icegram Engage plugin for WordPress, prior to version 3.1.32, lacks proper sanitization and escaping for certain campaign settings. This oversight could enable users with author privileges and above to craft malicious input, potentially leading to Stored Cross-Site Scripting (XSS) vulnerabilities. Attackers could exploit this flaw to execute arbitrary scripts in the context of users visiting affected pages, thereby compromising user data and site integrity.",Wordpress,Icegram Engage,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-06T06:00:14.000Z,true,false,false,,2025-01-06T06:00:14.809Z,0 CVE-2023-51532,https://securityvulnerability.io/vulnerability/CVE-2023-51532,WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS),"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19. ",Wordpress,"Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-01T11:00:07.700Z,0 CVE-2023-52119,https://securityvulnerability.io/vulnerability/CVE-2023-52119,WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF),"Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. ",Wordpress,"Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building",4.3,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-01-05T10:15:00.000Z,0 CVE-2023-2398,https://securityvulnerability.io/vulnerability/CVE-2023-2398,Icegram Engage < 3.1.12 - Reflected XSS,"The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Icegram Engage,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2023-06-12T18:15:00.000Z,0 CVE-2016-10962,https://securityvulnerability.io/vulnerability/CVE-2016-10962,Cross-Site Request Forgery in Icegram Plugin for WordPress,"The Icegram plugin for WordPress, prior to version 1.9.19, is susceptible to a Cross-Site Request Forgery (CSRF) attack. The vulnerability arises through improper handling of the 'option_name' parameter in the wp-admin/edit.php script, which could allow an attacker to trick an authenticated user into executing unwanted actions on the site. This can lead to unauthorized changes and compromises the integrity of the WordPress installation.",Wordpress,Icegram Engage,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2019-09-16T13:15:00.000Z,0 CVE-2016-10963,https://securityvulnerability.io/vulnerability/CVE-2016-10963,Cross-Site Scripting in Icegram Plugin for WordPress,"The Icegram plugin for WordPress, before version 1.9.19, is susceptible to a Cross-Site Scripting vulnerability. This flaw allows attackers to inject malicious scripts through input fields, potentially compromising user data and the overall integrity of affected WordPress sites. Users of the plugin are advised to upgrade to the latest version to mitigate these security risks.",Wordpress,Icegram Engage,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2019-09-16T13:15:00.000Z,0 CVE-2019-15830,https://securityvulnerability.io/vulnerability/CVE-2019-15830,Cross-Site Scripting Vulnerability in Icegram Plugin for WordPress,"The Icegram plugin for WordPress prior to version 1.10.29 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue arises from improper handling of input data, allowing attackers to inject malicious scripts. If exploited, this vulnerability can lead to unauthorized actions and data exposure on affected WordPress sites, emphasizing the critical importance of applying timely updates and security patches.",Wordpress,Icegram Engage,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2019-08-30T14:15:00.000Z,0