Subscribe Sidebar <= 1.3.1 - Authenticated Reflected Cross-Site Scripting
The 'status' GET parameter in subscribesidebar.php, which is displayed in the plugin's option page, is vulnerable to reflected XSS attacks. /wp-admin/options-general.php?page=subscribesidebar.php&status=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E...