Object Injection Vulnerability in Icegram Express Pro by Icegram
CVE-2025-68038

Currently unrated

Key Information:

Vendor

WordPress
Status
Icegram Express Pro
Vendor
CVE Published:
24 December 2025

What is CVE-2025-68038?

The Icegram Express Pro email-subscribers-premium plugin is susceptible to a deserialization of untrusted data vulnerability, which could lead to object injection. This weakness affects versions 5.9.11 and earlier, allowing attackers to manipulate serialized data and potentially execute malicious code. Users are urged to update to the latest version to safeguard their systems against this risk.

Affected Version(s)

Icegram Express Pro <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/emai...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

theviper17 | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68038 : Object Injection Vulnerability in Icegram Express Pro by Icegram