cleantalk
Vulnerabilities and Security Researches

Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building, CVE-2021-24941

CVE, Research URL

CVE-2021-24941

Home page URL

Security reports for Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building

Application

Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building

Published on
Dec 21, 2021
Research Description
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue
Affected versions
Min -, max 2.0.5.
Status
vulnerable
Previous vulnerability researches
Icegram Collect – Easy Form, Lead Collection and Subscription plugin (CVE-2024-43273) , Aug 16, 2024
Icegram Collect – Easy Form, Lead Collection and Subscription plugin (CVE-2023-25024) , Jun 07, 2024
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2016-10963) , Jun 07, 2024
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2019-15830) , Jun 07, 2024
Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building (CVE-2023-52119) , Jun 07, 2024
New vulnerability
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12812) , May 17, 2025
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12808) , May 17, 2025
Badgearoo (CVE-2024-13828) , May 17, 2025
Melapress File Monitor (CVE-2024-10009) , May 17, 2025
Aptivada for WP (CVE-2025-48135) , May 17, 2025