GCVE - cpe:2.3:a:icegram:icegram_express:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:icegram:icegram_express:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Icegram (`4ca468ee-dbe6-5dc5-9b8a-a191dfaeac5f`)
Product	Icegram Express (`10bb4ff2-25b0-5e66-b93b-9122555068c8`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-21748`	vulnerable	2026-06-08 06:27:36.456069	WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21. Published: 2024-06-08T16:14:02.597Z Updated: 2026-04-28T16:09:07.898Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11924`	vulnerable	2026-06-08 06:23:50.677317	Email Subscribers < 5.7.52 - Admin+ Stored XSS The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Published: 2025-04-17T06:00:07.902Z Updated: 2025-04-17T16:03:59.335Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/70288369-132d-4211-bca0-0411736df747/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5414`	vulnerable	2026-06-08 06:19:43.555908	Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read CRITICAL (9.1) The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. Published: 2023-10-20T06:35:19.665Z Updated: 2026-04-08T16:48:40.637Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/classes/class-email-subscribers-logs.php?rev=2919465#L28 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45810`	vulnerable	2026-06-08 05:50:37.247727	WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection MEDIUM (6.1) Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. Published: 2023-11-07T16:50:04.184Z Updated: 2026-04-28T16:07:52.845Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.