- Description
- The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks
- Source
- contact@wpscan.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2024-12302 01/06/2025 06:15:06 AM BaseSeverity: MEDIUM The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above ... https://t.co/Ve617k0BrU
@CVETracker
6 Jan 2025
30 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12302 Stored XSS Vulnerability in Icegram Engage Plugin Below 3.1.32 The Icegram Engage WordPress plugin versions before 3.1.32 have a vulnerability in some Campaign settings. These settings are not prop... https://t.co/LZnS689cna
@VulmonFeeds
6 Jan 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12302 The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored C… https://t.co/OJBJvUPRDX
@CVEnew
6 Jan 2025
526 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes