CVE-2024-12302

The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*

History

14 May 2025, 14:14

Type Values Removed Values Added
CWE CWE-79
First Time Icegram
Icegram icegram Engage
References () https://wpscan.com/vulnerability/ed860dac-8c4a-482f-8826-31f1a894b6ce/ - () https://wpscan.com/vulnerability/ed860dac-8c4a-482f-8826-31f1a894b6ce/ - Exploit, Third Party Advisory
Summary
  • (es) El complemento Icegram Engage para WordPress anterior a la versión 3.1.32 no desinfecta ni escapa a algunas de las configuraciones de su campaña, lo que podría permitir a los autores y a cargos superiores realizar ataques de cross site scripting almacenado.
CPE cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*

06 Jan 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

06 Jan 2025, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-06 06:15

Updated : 2025-05-14 14:14


NVD link : CVE-2024-12302

Mitre link : CVE-2024-12302

CVE.ORG link : CVE-2024-12302


JSON object : View

Products Affected

icegram

  • icegram_engage
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')