WordPress Plugin Vulnerabilities

Icegram <= 1.9.18 - Cross-Site Request Forgery (CSRF) & XSS

Description

The Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) & XSS security vulnerability.

Affects Plugins

Plugin icon
icegram
Fixed in 1.9.19

References

CVE
CVE-2016-10962
CVE
CVE-2016-10963
URL
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_icegram_wordpress_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Jul/55
URL
https://plugins.trac.wordpress.org/changeset/1456340/icegram

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
edae7b5d-86b8-4d9e-b68a-edacce08b646

Timeline

Publicly Published
2016-07-19 (about 9 years ago)
Added
2016-07-20 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2016-07-06
Title
WP Maintenance Mode <= 2.0.6 - Authenticated Multisite Remote Code Execution
Published
2019-04-05
Title
Form Maker by 10Web < 1.13.5 - Cross-Site Request Forgery (CSRF) to LFI
Published
2014-08-01
Title
wp-cleanfix - Remote Comm& Execution, CSRF & XSS
Published
2020-03-13
Title
Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion
Published
2019-05-25
Title
Related YouTube Videos <= 1.9.8 - CSRF & XSS