Icegram Persistent Cross-Site Scripting

Nick

Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and slide-in messengers.

Versions 1.10.28.2 and lower are affected by a persistent Cross-Site Scripting (XSS) vulnerability in the admin area. This plugin has over 40,000 installations, and any attacker with a subscriber account can leverage this vulnerability.

We are not aware of any exploit attempts currently targeting this plugin, but all of our clients behind the website firewall are already protected.

Continue reading Icegram Persistent Cross-Site Scripting at Sucuri Blog.
