CVE-2022-1776

CVE-2022-1776: Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting

Vendor Unknown

Product Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram

Weakness CWE-79 · XSS

Published June 27, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

Key dates

02Disclosure timeline

June 27, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1776 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-31892 WordPress WP Crowdfunding plugin <= 2.1.15 - Cross Site Scripting (XSS) vulnerability CVE-2021-24524 GiveWP < 2.12.0 - Authenticated Stored XSS CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2025-23841 WordPress Top Flash Embed plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability CVE-2025-23034 Cross-Site Scripting (XSS) Reflected endpoint 'tags.php' parameter 'msg_e' in WeGIA