4 matches found
CVE-2022-4309
Vulnerability summary (CVE-2022-4309): The Subscribe2 WordPress plugin (versions before 10.38) is affected by a CSRF weakness in user-deletion functionality. The underlying issue is the absence of a CSRF check when deleting users, which could allow a logged-in admin to delete arbitrary users by ...
CVE-2023-3407
CVE-2023-3407 affects the Subscribe2 WordPress plugin (versions up to 10.40). The issue is CSRF due to missing or incorrect nonce validation when sending test emails, enabling unauthenticated attackers to trigger test emails with custom content by tricking an administrator into performing an acti...
CVE-2023-1844
The CVE-2023-1844 entry concerns the WordPress plugin Subscribe2. The vulnerability arises from a missing capability check when sending test emails, enabling author-level attackers to send emails with arbitrary content/attachments to site users in versions up to and including 10.40. The impact is...
CVE-2014-6604
Vulnerability context: CVE-2014-6604 affects the WordPress Subscribe2 plugin, specifically the class-s2-list-table.php component, with exploitation via the ip parameter. The issue is an XSS vulnerability in versions prior to 10.16. What’s affected: Subscribe2 plugin for WordPress (plugin file: cl...