CVE-2025-12348
Missing Authorization in Icegram Express Plugin Enables Unauthorized Task Execution

Publication date: 2025-12-12

Last updated on: 2025-12-12

Assigner: Wordfence

Description
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `run_action_scheduler_task` function. This makes it possible for unauthenticated attackers to execute scheduled actions early or repeatedly by guessing action IDs, potentially triggering email sends, maintenance tasks, or other privileged operations, causing unexpected state changes and resource usage.
Affected Vendors & Products
1 associated CPE
Vendor: icegram
Product: email_subscribers_newsletters_and_marketing_automation_plugin
Version / Range: up to and including 5.9.10 (the CPE names 5.9.10, the last affected release)
CWE
CWE-306 (Missing Authentication for Critical Function): The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. The advisory title describes the flaw as Missing Authorization, but the CWE assigned is the missing-authentication weakness, which matches the description's point that the handler is reachable by unauthenticated callers.
Executive Summary

CVE-2025-12348 is a Missing Authorization flaw in the Icegram Express plugin for WordPress, affecting all versions up to and including 5.9.10. The `run_action_scheduler_task` function does not verify that the caller is authorized to run a scheduled action, so an unauthenticated attacker who guesses an action ID can execute that action early or repeatedly, triggering email sends, maintenance tasks, or other privileged operations.

Impact Analysis

This vulnerability can allow unauthenticated attackers to trigger scheduled actions prematurely or repeatedly. This may cause unexpected changes in the system state, unintended email sends, excessive resource usage, and execution of privileged operations without authorization.

Compliance Impact

The provided resources and context do not contain information about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

Exploitation shows up as unauthenticated requests that reach the plugin's `run_action_scheduler_task` handler. The advisory does not name the HTTP entry point or its parameters; the names used here (`admin-ajax.php` with `action=ig_es_run_action_scheduler_task` and an `action_id` parameter) are the ones this page's guidance assumes, and they should be confirmed against the installed plugin's source before alerts are built on them. Two caveats apply. First, a standard access log records only the request line, so parameters sent in a POST body are invisible: matching on the query string catches GET requests, while POST bodies need a WAF, reverse-proxy or full-request log. Second, `grep 'action_id=' /var/log/apache2/access.log` on its own is noisy, because other plugins use the same parameter name, so anchor the search on the action name: `grep 'action=ig_es_run_action_scheduler_task' /var/log/apache2/access.log`. Counting the matches by source IP and `action_id` reveals the patterns the description predicts: the same ID triggered repeatedly, or a run of consecutive IDs from one source, which is what ID guessing looks like. Unexplained email sends, or scheduled tasks running outside their schedule, corroborate this from the application side. [2, 3]
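The counting step described above, as an added example in Python that is not part of this page or of the plugin's code: it parses Apache combined-format lines, keeps only `admin-ajax.php` requests whose query string names the assumed action `ig_es_run_action_scheduler_task`, and reports, per source IP, repeated `action_id` values and runs of consecutive IDs. The sample log lines are constructed for the example, and the action name and `action_id` parameter are assumptions, not names confirmed by the advisory.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (Apache combined format) for this example.
# 203.0.113.7 walks three consecutive IDs and repeats one; the other two hosts
# are ordinary traffic. The POST line shows why bodies are invisible here.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2025:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=ig_es_run_action_scheduler_task&action_id=101 HTTP/1.1" 200 45 "-" "curl/8.4.0"
203.0.113.7 - - [12/Dec/2025:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=ig_es_run_action_scheduler_task&action_id=102 HTTP/1.1" 200 45 "-" "curl/8.4.0"
203.0.113.7 - - [12/Dec/2025:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=ig_es_run_action_scheduler_task&action_id=103 HTTP/1.1" 200 45 "-" "curl/8.4.0"
203.0.113.7 - - [12/Dec/2025:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=ig_es_run_action_scheduler_task&action_id=103 HTTP/1.1" 200 45 "-" "curl/8.4.0"
198.51.100.4 - - [12/Dec/2025:10:05:10 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Dec/2025:10:05:12 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Dec/2025:10:07:00 +0000] "GET /wp-admin/admin-ajax.php?action=ig_es_run_action_scheduler_task&action_id=250 HTTP/1.1" 200 45 "-" "Mozilla/5.0"
"""

# Assumed AJAX action name (taken from this page's guidance, not from the advisory).
SUSPECT_ACTION = "ig_es_run_action_scheduler_task"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one combined-format line into its fields; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlparse(rec["target"])
    rec["path"] = url.path
    # parse_qs returns a list per parameter; keep the first value of each.
    rec["query"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec


def find_scheduler_calls(log_text, action_name=SUSPECT_ACTION):
    """Return parsed admin-ajax.php requests whose query string names the action.
    Only parameters visible in the log can match: GET query strings here, or a
    WAF/full-request log. A POST body is not recorded in a standard access log."""
    calls = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith("/admin-ajax.php"):
            continue
        if rec["query"].get("action") != action_name:
            continue
        calls.append(rec)
    return calls


def summarize_by_ip(calls):
    """Per source IP: call count, action_ids seen more than once, and whether the
    distinct ids form a consecutive run (the shape of an attacker enumerating ids)."""
    ids_by_ip = defaultdict(list)
    for rec in calls:
        raw = rec["query"].get("action_id", "")
        ids_by_ip[rec["ip"]].append(int(raw) if raw.isdigit() else None)
    report = {}
    for ip, ids in ids_by_ip.items():
        counts = Counter(i for i in ids if i is not None)
        distinct = sorted(counts)
        sequential = len(distinct) >= 3 and all(
            b - a == 1 for a, b in zip(distinct, distinct[1:])
        )
        report[ip] = {
            "calls": len(ids),  # a missing or non-numeric id still counts as a call
            "repeated_ids": sorted(i for i, c in counts.items() if c > 1),
            "sequential_run": sequential,
        }
    return report


def flag_suspicious(report, min_calls=3):
    """IPs worth investigating: a burst of calls, a repeated id, or an enumeration run."""
    return sorted(
        ip for ip, r in report.items()
        if r["calls"] >= min_calls or r["repeated_ids"] or r["sequential_run"]
    )


if __name__ == "__main__":
    report = summarize_by_ip(find_scheduler_calls(SAMPLE_LOG))
    for ip in flag_suspicious(report):
        print(ip, report[ip])
```

Against a real log, pass the file contents to `find_scheduler_calls` and tune `min_calls` to the site's normal volume; a legitimate cron runner that hits the handler once per schedule will not repeat IDs or walk consecutive ones, which is what separates it from guessing.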

Mitigation Strategies

Update the Icegram Express plugin to a release later than 5.9.10; every version up to and including 5.9.10 is affected. Where the update cannot be applied immediately, add a web application firewall or reverse-proxy rule that blocks, or at least rate-limits, requests carrying `action=ig_es_run_action_scheduler_task`, and alert on repeated or consecutive `action_id` values from a single source. Do not simply block `admin-ajax.php` for unauthenticated users: WordPress routes legitimate front-end functionality (every `wp_ajax_nopriv_*` action, which is how many plugins serve visitors) through that endpoint, so a blanket rule breaks the site rather than just the vulnerable handler. [3]
