Vulnerabilities and security researches foricegram-rainmaker icegram-rainmaker

Jun 07, 2024

CVE, Research URL: CVE-2023-25024
Home page URL: Security reports for Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Application: Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Date: Apr 07, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions.
Affected versions: max 1.3.9.
Status: vulnerable

Aug 16, 2024

CVE, Research URL: CVE-2024-43273
Home page URL: Security reports for Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Application: Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.
Affected versions: max 1.3.15.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-47527
Home page URL: Security reports for Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Application: Icegram Collect – Easy Form, Lead Collection and Subscription plugin
Date: Jun 09, 2025
Research Description: Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18.
Affected versions: max 1.3.19.
Status: vulnerable