CVE-2024-13482
Icegram Engage < 3.1.32 - Admin+ Stored XSSThe Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 1,826 live websites that are affected by CVE-2024-13482.
Affected Software
| Product |  Icegram |
| Category | Lead Generation |
| Vulnerable Domains | 1,826 live websites (43% of Icegram install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 117 versions ( 97% of all versions) |
Common Weakness Enumeration
CWE-287 Improper AuthenticationDetails
- Published - May 15, 2025
- Updated - May 20, 2025
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-13482 United States | 710 websites |
 France | 118 websites |
 Germany | 110 websites |
 Italy | 102 websites |
 Spain | 62 websites |
 Poland | 52 websites |
 GB | 50 websites |
 Netherlands | 45 websites |
 Australia | 35 websites |
 Romania | 34 websites |
Website Distribution by TLD
Number of websites using CVE-2024-13482| .com | 890 websites |
| .org | 78 websites |
| .it | 66 websites |
| .es | 50 websites |
| .de | 49 websites |
| .net | 47 websites |
| .fr | 45 websites |
| .pl | 40 websites |
| .co.uk | 39 websites |
| .nl | 32 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-13482
Top websites that are affected by CVE-2024-13482. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | **,*** | |
| ******.**.id |  Indonesia | ***,*** | |
| **************.it | Netherlands | ***,*** | |
| ***********.com | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| *********.com |  Bangladesh | ***,*** | |
| ********.es | United States | ***,*** | |
| *****.fr | United States | ***,*** | |
| ************.org | United States | ***,*** | |
| ************.***.hk |  Hong Kong | ***,*** |
FAQ
CVE-2024-13482 is Improper Authentication in Icegram
A total of 1,826 websites have been identified as vulnerable to CVE-2024-13482, based on global website indexing conducted by WebTechSurvey.
The Icegram is affected by the CVE-2024-13482 vulnerability.
Icegram versions up to 3.1.32 are vulnerable to CVE-2024-13482.
CVE-2024-13482 is resolved in version 3.1.32 of Icegram.