132 matches found
CVE-2025-11994
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11994 Easy Email Subscription <= 1.3 - Unauthenticated Stored Cross-Site Scripting
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11994
The CVE-2025-11994 entry refers to the WordPress Easy Email Subscription plugin (versions up to and including 1.3) with an unauthenticated stored XSS via the name parameter due to insufficient input sanitization and output escaping. Wordfence’s report confirms this as a real vulnerability affecti...
EUVD-2025-124904
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress Easy Email Subscription plugin <= 1.3 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Email Subscription versions <= 1.3...
PT-2025-46648
Name of the Vulnerable Software and Affected Versions: Easy Email Subscription plugin for WordPress versions up to and including 1.3. Description: The software is susceptible to Stored Cross-Site Scripting through the name parameter. Insufficient input sanitization and output escaping allow...
WordPress plugin Easy Email Subscription Cross-Site Scripting Vulnerability
The WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website, allowing users to receive new content updates via email. WordPress Easy Email Subscription plugin suffers from a cross-site scripting vulnerability that stems from the...
WordPress Easy Email Subscription plugin SQL Injection Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...
WordPress Easy Email Subscription plugin Cross-Site Request Forgery Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. The WordPress Easy Email Subscription plugin suffers from a cross-site request forgery vulnerability that originates from a web application that does not adequately validate...
CVE-2025-10683
The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10691
The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the showeditsubpage function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-10691 Easy Email Subscription <= 1.3 - Cross-Site Request Forgery to Arbitrary Subscriber Deletion
The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the showeditsubpage function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-10683
The WordPress Easy Email Subscription plugin (versions
CVE-2025-10683 Easy Email Subscription <= 1.3 - Authenticated (Admin+) SQL Injection via uid
The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress Easy Email Subscription plugin <= 1.3 - Cross-Site Request Forgery to Arbitrary Subscriber Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Subscriber Deletion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Email Subscription versions <= 1.3...
WordPress Easy Email Subscription plugin <= 1.3 - Authenticated (Admin+) SQL Injection via uid vulnerability
Authenticated (Admin+) SQL Injection via uid vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Easy Email Subscription versions <= 1.3...