Icegram Persistent Cross-Site Scripting
Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and slide-in messengers.
Versions 220.127.116.11 and lower are affected by a persistent Cross-Site Scripting vulnerability in the admin area. The plugin has over 40,000 installations, and any attacker with a subscriber account can leverage this vulnerability.
We are not aware of any exploit attempts currently targeting this plugin, but all of our clients behind the website firewall are already protected.