Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and slide-in messengers.
Versions 1.10.28.2 and lower are affected by a persistent Cross-Site Scripting in the admin area. This plugin has over 40,000 installations and any attacker with a subscriber account can leverage this vulnerability.
We are not aware of any exploit attempts currently targeting this plugin, but all of our clients behind the website firewall are already protected.
Continue reading Icegram Persistent Cross-Site Scripting at Sucuri Blog.
Source: Sucuri
