CVE-2024-12302

Name of the Vulnerable Software and Affected Versions Icegram Engage WordPress plugin versions prior to 3.1.32

Description The issue concerns the Icegram Engage WordPress plugin, where versions prior to 3.1.32 do not properly sanitise and escape some of its Campaign settings. This could allow authors and those with higher roles to perform Stored Cross-Site Scripting attacks.

Recommendations For versions prior to 3.1.32, update to version 3.1.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the Campaign settings to minimize the risk of exploitation. Avoid using the vulnerable Campaign settings until the issue is resolved.