WordPress Plugin Vulnerabilities

Icegram Collect – Easy Form, Lead Collection and Subscription plugin < 1.3.19 - Missing Authorization

Description

The Icegram Collect – Easy Form, Lead Collection and Subscription plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
icegram-rainmaker
Fixed in 1.3.19

References

CVE
CVE-2025-47527
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/99c07c94-39c1-4d13-9abe-78cf88daca2f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
ch4r0n
Verified
No
WPVDB ID
988cd693-2940-4503-842f-3cf3912400e5

Timeline

Publicly Published
2025-06-04 (about 1 year ago)
Added
2025-06-10 (about 1 year ago)
Last Updated
2025-06-10 (about 1 year ago)

Other

Published
Title
Published
2026-03-17
Title
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools < 7.11.3 - Missing Authorization
Published
2025-08-27
Title
Ajax Search Lite < 4.13.2 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler
Published
2026-01-16
Title
Phrase TMS Integration for WordPress < 4.7.6 - Missing Authorization to Authenticated (Subscriber+) Log Deletion
Published
2026-03-27
Title
FOX < 1.4.6 - Missing Authorization
Published
2026-01-24
Title
Wired Impact Volunteer Management < 2.8.1 - Missing Authorization