WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Icegram <= 1.9.18 - Cross-Site Request Forgery (CSRF) & XSS

Description

The Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) & XSS security vulnerability.

Affects Plugins

icegram
Fixed in version 1.9.19

References

CVE
CVE-2016-10962
CVE
CVE-2016-10963
URL
https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_icegram_wordpress_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Jul/55
URL
https://plugins.trac.wordpress.org/changeset/1456340/icegram

Classification

Type

MULTI

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
edae7b5d-86b8-4d9e-b68a-edacce08b646

Timeline

Publicly Published

2016-07-19 (about 7 years ago)

Added

2016-07-20 (about 7 years ago)

Last Updated

2020-09-22 (about 3 years ago)

Our Other Services

WPScan WordPress Security Plugin