Email Subscribers is a WordPress plugin designed to simplify the process of managing email subscriptions, newsletters, and automated email campaigns. With over 80,000 active installations, it is widely used by website administrators for email marketing and user engagement. However, a critical vulnerability, CVE-2024-11924, has been identified within the plugin that allows for the implementation of stored Cross-Site Scripting (XSS). This vulnerability enables an attacker with editor-level access to inject malicious JavaScript, leading to a potential backdoor creation and full admin account takeover.
CVE-2024-11924 – Email Subscribers – Stored XSS to JS Backdoor Creation – POC
