Lucene search
K
Subscribe2 ProjectSubscribe2

4 matches found

CVE
CVE
added 2023/01/16 3:38 p.m.55 views

CVE-2022-4309

Vulnerability summary (CVE-2022-4309) : The Subscribe2 WordPress plugin (versions before 10.38) is affected by a CSRF weakness in user-deletion functionality. The underlying issue is the absence of a CSRF check when deleting users, which could allow a logged-in admin to delete arbitrary users by ...

3.1CVSS3.9AI score0.00238EPSS
CVE
CVE
added 2023/06/28 2:34 a.m.52 views

CVE-2023-3407

CVE-2023-3407 affects the Subscribe2 WordPress plugin (versions up to 10.40). The issue is CSRF due to missing or incorrect nonce validation when sending test emails, enabling unauthenticated attackers to trigger test emails with custom content by tricking an administrator into performing an acti...

4.3CVSS4.6AI score0.00298EPSS
CVE
CVE
added 2023/06/28 2:34 a.m.44 views

CVE-2023-1844

The CVE-2023-1844 entry concerns the WordPress plugin Subscribe2. The vulnerability arises from a missing capability check when sending test emails, enabling author-level attackers to send emails with arbitrary content/attachments to site users in versions up to and including 10.40. The impact is...

4.3CVSS4.8AI score0.00508EPSS
CVE
CVE
added 2018/03/29 6:0 p.m.36 views

CVE-2014-6604

Vulnerability context: CVE-2014-6604 affects the WordPress Subscribe2 plugin, specifically the class-s2-list-table.php component, with exploitation via the ip parameter. The issue is an XSS vulnerability in versions prior to 10.16. What’s affected: Subscribe2 plugin for WordPress (plugin file: cl...

6.1CVSS6.1AI score0.01222EPSS