Icegram Collect – Easy Form, Lead Collection and Subscription plugin Security & Risk Analysis

wordpress.org/plugins/icegram-rainmaker

Get readymade contact forms, email subscription forms and custom forms for your website. Choose from beautiful templates and get started within second …

3K active installs · v1.3.20 · PHP 5.5+ · WP 4.0+ · Updated Nov 14, 2025
Tags: contact-form, lead-capture, mailchimp, subscription-form, wpforms
Score: 97 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jun 4, 2025
Safety Verdict

Is Icegram Collect – Easy Form, Lead Collection and Subscription plugin Safe to Use in 2026?

Generally Safe

Score 97/100

Icegram Collect – Easy Form, Lead Collection and Subscription plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 4, 2025 · Updated 4mo ago
Risk Assessment

Version 1.3.20 of the "icegram-rainmaker" plugin exhibits a mixed security posture. It follows good practices such as using prepared statements for all SQL queries and implementing nonce checks for all AJAX handlers, but significant concerns remain. Three AJAX handlers lack authentication checks, which represents a considerable attack surface and could allow unauthorized actions. In addition, only 39% of outputs are escaped, which indicates a risk of Cross-Site Scripting (XSS) vulnerabilities, because user-supplied data might not be properly sanitized before being displayed to users. The vulnerability history shows a pattern of medium-severity issues, specifically Missing Authorization and Cross-Site Scripting, suggesting a recurring need for more robust input validation and authorization enforcement. There are currently no unpatched CVEs, but the past prevalence of these vulnerability types warrants careful attention.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of output escaping
  • History of medium severity vulnerabilities
Vulnerabilities: 3

Icegram Collect – Easy Form, Lead Collection and Subscription plugin Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-47527 · medium · 4.3 · Missing Authorization

Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Missing Authorization

Jun 4, 2025 · Patched in 1.3.19 (7d)

CVE-2024-43273 · medium · 4.3 · Missing Authorization

Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.14 - Missing Authorization

Aug 12, 2024 · Patched in 1.3.15 (11d)

CVE-2023-25024 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Icegram Collect <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode

Feb 6, 2023 · Patched in 1.3.9 (351d)
Code Analysis
Analyzed Mar 16, 2026

Icegram Collect – Easy Form, Lead Collection and Subscription plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 201 (129 escaped)
Nonce Checks: 16
Capability Checks: 15
File Operations: 3
External Requests: 16
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

39% escaped · 330 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

15 flows · 3 with unsanitized paths
klawoo_subscribe (lite\classes\class-icegram-rainmaker.php:304)
Attack Surface: 3 unprotected

Icegram Collect – Easy Form, Lead Collection and Subscription plugin Attack Surface

Entry Points: 17
Unprotected: 3

AJAX Handlers 16

auth · wp_ajax_rainmaker_validate_form · lite\classes\class-icegram-rainmaker.php:77
nopriv · wp_ajax_rainmaker_validate_form · lite\classes\class-icegram-rainmaker.php:78
auth · wp_ajax_rm_rainmaker_add_lead · lite\classes\class-icegram-rainmaker.php:82
nopriv · wp_ajax_rm_rainmaker_add_lead · lite\classes\class-icegram-rainmaker.php:83
auth · wp_ajax_ig_rm_klawoo_subscribe · lite\classes\class-icegram-rainmaker.php:121
auth · wp_ajax_rm_get_campaignmonitor_data · lite\classes\mailers\campaignmonitor.php:12
auth · wp_ajax_rm_update_campaignmonitor_authentication · lite\classes\mailers\campaignmonitor.php:13
auth · wp_ajax_rm_disconnect_campaignmonitor · lite\classes\mailers\campaignmonitor.php:14
auth · wp_ajax_rm_get_email_subscribers_data · lite\classes\mailers\email_subscribers.php:10
auth · wp_ajax_rm_get_hubspot_data · lite\classes\mailers\hubspot.php:13
auth · wp_ajax_rm_update_hubspot_authentication · lite\classes\mailers\hubspot.php:14
auth · wp_ajax_rm_disconnect_hubspot · lite\classes\mailers\hubspot.php:15
auth · wp_ajax_rm_get_mailchimp_data · lite\classes\mailers\mailchimp.php:8
auth · wp_ajax_rm_update_mailchimp_authentication · lite\classes\mailers\mailchimp.php:9
auth · wp_ajax_rm_disconnect_mailchimp · lite\classes\mailers\mailchimp.php:10
auth · wp_ajax_rm_get_mailpoet_data · lite\classes\mailers\mailpoet.php:9

Shortcodes 1

[rainmaker_form] lite\classes\class-icegram-rainmaker.php:31
WordPress Hooks 66

action · admin_head · icegram-rainmaker.php:109
action · plugins_loaded · icegram-rainmaker.php:241
action · admin_footer · lite\classes\about-icegram-rainmaker.php:11
action · admin_init · lite\classes\class-icegram-rainmaker.php:23
action · init · lite\classes\class-icegram-rainmaker.php:24
action · init · lite\classes\class-icegram-rainmaker.php:25
action · admin_init · lite\classes\class-icegram-rainmaker.php:26
action · edit_form_before_permalink · lite\classes\class-icegram-rainmaker.php:27
action · admin_enqueue_scripts · lite\classes\class-icegram-rainmaker.php:28
action · wp_footer · lite\classes\class-icegram-rainmaker.php:29
action · save_post · lite\classes\class-icegram-rainmaker.php:30
action · admin_menu · lite\classes\class-icegram-rainmaker.php:34
action · rm_about_changelog · lite\classes\class-icegram-rainmaker.php:35
filter · post_row_actions · lite\classes\class-icegram-rainmaker.php:37
filter · bulk_actions-edit-rainmaker_lead · lite\classes\class-icegram-rainmaker.php:39
filter · manage_edit-rainmaker_form_columns · lite\classes\class-icegram-rainmaker.php:42
action · manage_rainmaker_form_posts_custom_column · lite\classes\class-icegram-rainmaker.php:43
filter · manage_edit-rainmaker_lead_columns · lite\classes\class-icegram-rainmaker.php:45
action · manage_rainmaker_lead_posts_custom_column · lite\classes\class-icegram-rainmaker.php:46
filter · manage_edit-rainmaker_lead_sortable_columns · lite\classes\class-icegram-rainmaker.php:48
action · rainmaker_add_form_design_options · lite\classes\class-icegram-rainmaker.php:50
filter · rainmaker_prepare_lead · lite\classes\class-icegram-rainmaker.php:52
filter · rainmaker_prepare_lead · lite\classes\class-icegram-rainmaker.php:53
filter · rainmaker_prepare_lead · lite\classes\class-icegram-rainmaker.php:54
filter · rainmaker_clean_lead_data · lite\classes\class-icegram-rainmaker.php:55
filter · rainmaker_validate_request · lite\classes\class-icegram-rainmaker.php:56
filter · rainmaker_before_form · lite\classes\class-icegram-rainmaker.php:57
filter · rainmaker_after_form · lite\classes\class-icegram-rainmaker.php:58
action · pre_get_posts · lite\classes\class-icegram-rainmaker.php:60
filter · posts_search · lite\classes\class-icegram-rainmaker.php:61
action · rainmaker_post_lead · lite\classes\class-icegram-rainmaker.php:63
action · rainmaker_post_lead · lite\classes\class-icegram-rainmaker.php:66
filter · rainmaker_filter_lead · lite\classes\class-icegram-rainmaker.php:69
filter · ig_rm_tracking_data_params · lite\classes\class-icegram-rainmaker.php:71
filter · widget_text · lite\classes\class-icegram-rainmaker.php:74
action · admin_notices · lite\classes\class-icegram-rainmaker.php:118
action · admin_init · lite\classes\class-icegram-rainmaker.php:119
action · add_meta_boxes · lite\classes\class-icegram-rainmaker.php:120
filter · safe_style_css · lite\classes\class-icegram-rainmaker.php:926
action · admin_enqueue_scripts · lite\classes\feedback\class-ig-feedback.php:113
action · admin_enqueue_scripts · lite\classes\feedback\class-ig-feedback.php:114
action · admin_notices · lite\classes\feedback\class-ig-feedback.php:121
action · admin_print_footer_scripts · lite\classes\feedback\class-ig-feedback.php:338
action · admin_print_scripts · lite\classes\feedback\class-ig-feedback.php:339
action · admin_footer · lite\classes\feedback\class-ig-feedback.php:340
action · rainmaker_loaded · lite\classes\feedback\class-ig-plugin-usage-tracker.php:115
action · admin_notices · lite\classes\feedback\class-ig-plugin-usage-tracker.php:128
action · admin_init · lite\classes\feedback\class-ig-plugin-usage-tracker.php:129
filter · cron_schedules · lite\classes\feedback\class-ig-plugin-usage-tracker.php:130
filter · https_ssl_verify · lite\classes\feedback\class-ig-plugin-usage-tracker.php:456
filter · ig_rm_additional_feedback_meta_info · lite\classes\feedback.php:40
filter · ig_rm_review_message_data · lite\classes\feedback.php:66
filter · ig_rm_can_ask_user_for_review · lite\classes\feedback.php:100
filter · ig_rm_show_plugin_usage_tracking_notice · lite\classes\feedback.php:124
action · rainmaker_post_lead · lite\classes\mailers\campaignmonitor.php:15
filter · rainmaker_mailers · lite\classes\mailers\campaignmonitor.php:16
action · rainmaker_post_lead · lite\classes\mailers\email_subscribers.php:8
filter · rainmaker_mailers · lite\classes\mailers\email_subscribers.php:9
action · rainmaker_post_lead · lite\classes\mailers\hubspot.php:16
filter · rainmaker_mailers · lite\classes\mailers\hubspot.php:17
action · rainmaker_post_lead · lite\classes\mailers\mailchimp.php:11
filter · rainmaker_mailers · lite\classes\mailers\mailchimp.php:12
action · rainmaker_post_lead · lite\classes\mailers\mailpoet.php:10
filter · rainmaker_mailers · lite\classes\mailers\mailpoet.php:11
action · rainmaker_add_form_actions · lite\classes\rm-pro-features.php:3
action · restrict_manage_posts · lite\classes\rm-pro-features.php:4
Maintenance & Trust

Icegram Collect – Easy Form, Lead Collection and Subscription plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 14, 2025
PHP min version: 5.5
Downloads: 408K

Community Trust

Rating: 94/100
Number of ratings: 30
Active installs: 3K
Developer Profile

Icegram Collect – Easy Form, Lead Collection and Subscription plugin Developer Profile

Icegram

8 plugins · 84K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 571 days
Detection Fingerprints

How We Detect Icegram Collect – Easy Form, Lead Collection and Subscription plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/icegram-rainmaker/lite/css/rm-admin-style.css
/wp-content/plugins/icegram-rainmaker/lite/css/rm-frontend-style.css
/wp-content/plugins/icegram-rainmaker/lite/js/rm-admin-script.js
/wp-content/plugins/icegram-rainmaker/lite/js/rm-frontend-script.js
Script Paths
/wp-content/plugins/icegram-rainmaker/lite/js/rm-admin-script.js
/wp-content/plugins/icegram-rainmaker/lite/js/rm-frontend-script.js
Version Parameters
icegram-rainmaker/lite/css/rm-admin-style.css?ver=
icegram-rainmaker/lite/css/rm-frontend-style.css?ver=
icegram-rainmaker/lite/js/rm-admin-script.js?ver=
icegram-rainmaker/lite/js/rm-frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ig-rm-form-wrapper
rm-modal-content
rm-form-field
rm-modal-overlay
HTML Comments
<!-- Icegram Rainmaker -->
<!-- Icegram Rainmaker Form Wrapper -->
<!-- Icegram Rainmaker Modal Overlay -->
<!-- Icegram Rainmaker Modal Content -->
+1 more
Data Attributes
data-rm-modal-id
data-rm-form-id
JS Globals
window.ig_rm_ajax_object
var ig_rm_params
REST Endpoints
/wp-json/icegram-rainmaker/v1/submit-form
Shortcode Output
[icegram_rainmaker_form id='']
FAQ

Frequently Asked Questions about Icegram Collect – Easy Form, Lead Collection and Subscription plugin