2 matches found
CVE-2022-4309
Vulnerability summary (CVE-2022-4309) : The Subscribe2 WordPress plugin (versions before 10.38) is affected by a CSRF weakness in user-deletion functionality. The underlying issue is the absence of a CSRF check when deleting users, which could allow a logged-in admin to delete arbitrary users by ...
CVE-2014-6604
Vulnerability context: CVE-2014-6604 affects the WordPress Subscribe2 plugin, specifically the class-s2-list-table.php component, with exploitation via the ip parameter. The issue is an XSS vulnerability in versions prior to 10.16. What’s affected: Subscribe2 plugin for WordPress (plugin file: cl...