Email Subscribers & Newsletters
Icegram
Developer
5.9.21
Latest version
60,000
Installations
No date
Last updated
Vulnerability history
0 present
33 patched
10 Mitigation rules
- Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter vulnerability<= 5.9.1603/03/2026
- WordPress Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin <= 5.7.17 - Missing Authorization vulnerability<= 5.7.1702/02/2026
- Admin+ Stored XSS vulnerability< 5.7.4531/12/2025
- Admin+ Stored XSS vulnerability< 5.7.4531/12/2025
- Admin+ Stored XSS vulnerability< 5.7.4531/12/2025
- Missing Authentication to Unauthenticated Action Scheduler Task Execution vulnerability<= 5.9.1012/12/2025
- Missing Authentication to Unauthenticated Mailing Queue Trigger vulnerability<= 5.9.1018/11/2025
- PHP Object Injection vulnerability<= 5.9.1008/11/2025
- Admin+ Stored XSS in Template vulnerability< 5.7.5025/04/2025
- Admin+ Stored XSS vulnerability< 5.7.5217/04/2025
- Admin+ Stored XSS vulnerability< 5.7.4513/01/2025
- Admin+ SQL Injection vulnerability< 5.7.4406/01/2025
- Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability<= 5.7.3402/10/2024
- Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability<= 5.7.3426/09/2024
- Missing Authorization vulnerability<= 5.7.2617/07/2024
- Unauthenticated SQL Injection vulnerability<= 5.7.2526/06/2024
- Unauthenticated SQL Injection vulnerability<= 5.7.2320/06/2024
- Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] vulnerability<= 5.7.2212/06/2024
- Unauthenticated SQL Injection via hash vulnerability<= 5.7.2005/06/2024
- Missing Authorization in handle_ajax_request vulnerability<= 5.7.1915/05/2024
- Unauthenticated SQL Injection vulnerability<= 5.7.1416/04/2024
- Authenticated (Administrator+) Cross-Site Scripting via CSV import vulnerability<= 5.7.1508/04/2024
- Broken Access Control vulnerability<= 5.7.1305/04/2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 5.7.1126/03/2024
- Authenticated (Administrator+) Directory Traversal to Arbitrary File Read vulnerability<= 5.6.2312/10/2023
- CSV Injection<= 5.5.206/02/2023
- Unauthenticated email forgery/spoofing vulnerability<= 4.5.510/09/2020
- Authenticated SQL injection (SQLi) vulnerability<= 4.5.0.117/07/2020
- Cross-Site Request Forgery (CSRF) vulnerability<= 4.5.0.117/07/2020
- Multiple security issues<= 4.2.213/11/2019
- Cross-Site Scripting (XSS) vulnerability<= 4.1.614/08/2019
- Missing Function Level Access Control vulnerability<= 3.4.719/01/2018
- Multiple Vulnerabilities<= 2.910/08/2015