18 matches found
CVE-2026-24522 WordPress WP Subscribe plugin <= 1.2.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscribe: from n/a through <= 1.2.16...
CVE-2025-14904
CVE-2025-14904 affects Newsletter Email Subscribe (WordPress plugin). The WordPress plugin versions up to 2.4 are vulnerable to Cross-Site Request Forgery due to incorrect nonce validation in the nels_settings_page function, enabling unauthenticated attackers to update plugin settings via forged ...
CVE-2025-12025
The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
CVE-2025-12025 YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID
The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
EUVD-2021-24804
Malware in sbrugna...
WordPress Navayan Subscribe plugin <= 1.13 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Navayan Subscribe versions <= 1.13...
CVE-2025-23806
CVE-2025-23806 describes a CSRF vulnerability in ThemeFarmer Ultimate Subscribe (ultimate-subscribe) that enables Reflected XSS, affecting Ultimate Subscribe versions up to 1.3. The description and Red Hat entry confirm the cross-site request forgery context and XSS impact; no public exploit deta...
CVE-2024-9267
CVE-2024-9267 pertains to the Easy WordPress Subscribe – Optin Hound plugin for WordPress. The vulnerability is a Reflected Cross‑Site Scripting (XSS) flaw caused by insufficient escaping of URLs when using add_query_arg, affecting all versions up to and including 1.4.3. The risk: unauthenticated...
CVE-2022-1792
The Quick Subscribe WordPress plugin through 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, leading to Stored XSS due to the lack of sanitisation and escaping in some of them...
CVE-2021-36844
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress...
CVE-2021-36844 WordPress WP Subscribe plugin <= 1.2.12 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress...
WordPress plugin WP Subscribe cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Subscribe plugin version 1.2.12 and earlier versions have a cross-site scripting...
WordPress WP Optin Wheel plugin <= 1.3.4 - Subscribe+ Plugin Options Update (Toggle Wheel status, Update wheels) vulnerability
Subscribe+ Plugin Options Update (Toggle Wheel status, Update wheels) vulnerability discovered in WordPress WP Optin Wheel plugin versions <= 1.3.4. Solution: Update the WordPress WP Optin Wheel plugin to the latest available version (at least 1.3.5)...
CVE-2021-38351
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osdsubscribemessage parameter found in the /options/osdsubscribeoptionssubscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3...
CVE-2021-38351
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osdsubscribemessage parameter found in the /options/osdsubscribeoptionssubscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3...
CVE-2021-38351 OSD Subscribe <= 1.2.3 Reflected Cross-Site Scripting
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osdsubscribemessage parameter found in the /options/osdsubscribeoptionssubscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3...
WordPress OSD Subscribe plugin <= 1.2.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress OSD Subscribe plugin versions <= 1.2.3. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
DEBIAN-CVE-2019-1000021
slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of...