CVE-2025-14904
CVE-2025-14904 affects Newsletter Email Subscribe (WordPress plugin). The WordPress plugin versions up to 2.4 are vulnerable to Cross-Site Request Forgery due to incorrect nonce validation in the nels_settings_page function, enabling unauthenticated attackers to update plugin settings via forged ...