WordPress Plugin Vulnerabilities

Icegram < 3.1.25 - Missing Authorization to Unauthenticated Message Duplication

Description

The Icegram plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_message() function in versions up to, and including, 3.1.24. This makes it possible for unauthenticated attackers to duplicate messages.

Affects Plugins

Plugin icon
icegram
Fixed in 3.1.25

References

CVE
CVE-2024-39625
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ad5782d6-f36b-4b7d-b6c0-b9329fb8725c

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
f45f9e3c-b376-4c82-8fbd-2a30c5dfc406

Timeline

Publicly Published
2024-07-22 (about 1 year ago)
Added
2024-08-01 (about 1 year ago)
Last Updated
2024-08-01 (about 1 year ago)

Other

Published
Title
Published
2025-04-01
Title
WP AutoKeyword <= 1.0 - Missing Authorization to Arbitrary Content Deletion
Published
2026-02-09
Title
WCFM Marketplace < 3.7.1 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation
Published
2023-10-26
Title
Deeper Comments <= 2.1.1 - Subscriber+ Arbitrary Options Update
Published
2024-07-31
Title
AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization to Unauthenticated Ad Status Update
Published
2024-09-24
Title
Uncanny Groups for LearnDash < 6.1.1 - Authenticated (Group Leader+) Privilege Escalation