PT-2025-47426 · WordPress · Icegram Express

Adrian Lukita · Published 2025-11-19 · Updated 2025-11-19 · CVE-2025-12349

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Icegram Express versions prior to 5.9.11

Description: The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress does not properly verify user authorization when performing actions within the trigger mailing queue sending function. This allows unauthenticated attackers to force immediate email sending, bypassing the schedule, potentially increasing server load, and altering plugin state, such as the last-cron-hit value, which could lead to abuse or denial-of-service-like effects.

Recommendations: Update Icegram Express to version 5.9.11 or later.

Fix

DoS

Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2025-12349

Affected Products: Icegram Express