WordPress Plugin Vulnerabilities

Icegram < 3.1.25 - Missing Authorization

Description

The Icegram plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the display_messages() function in versions up to, and including, 3.1.24. This makes it possible for unauthenticated attackers to preview campaigns

Affects Plugins

Plugin icon
icegram
Fixed in 3.1.25

References

CVE
CVE-2024-43272
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/990d62fd-dc55-446e-b3ff-52c7c121aeb8

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
b9b18662-4dba-41f4-bf52-75f681712a8a

Timeline

Publicly Published
2024-08-12 (about 1 year ago)
Added
2024-08-22 (about 1 year ago)
Last Updated
2024-08-22 (about 1 year ago)

Other

Published
Title
Published
2025-01-07
Title
Title Experiments Free <= 9.0.4 - Missing Authorization
Published
2025-10-08
Title
Rank Math SEO PRO < 3.0.97 - Missing Authorization
Published
2024-02-05
Title
Advanced Forms for ACF < 1.9.3.3 - Missing Authorization to Unauthenticated Form Settings Export
Published
2024-11-19
Title
Yaad Sarig Payment Gateway For WC < 2.2.5 - Subscriber+ Log Read/Deletion
Published
2023-11-03
Title
Animated Rotating Words < 5.5 - Cross-Site Request Forgery via save_admin_options