Vulnerabilities and security researches forwp-subscription-forms wp-subscription-forms

Mar 29, 2025

CVE, Research URL: CVE-2025-30784
Home page URL: Security reports for WP Subscription Forms – The Ultimate WordPress Subscription Form Plugin
Application: WP Subscription Forms – The Ultimate WordPress Subscription Form Plugin
Date: Mar 27, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Shuffle WP Subscription Forms allows SQL Injection. This issue affects WP Subscription Forms: from n/a through 1.2.3.
Affected versions: max 1.2.4.
Status: vulnerable

Apr 11, 2025

CVE, Research URL: CVE-2025-32692
Home page URL: Security reports for WP Subscription Forms – The Ultimate WordPress Subscription Form Plugin
Application: WP Subscription Forms – The Ultimate WordPress Subscription Form Plugin
Date: Apr 09, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. This issue affects WP Subscription Forms: from n/a through 1.2.4.
Affected versions: max 1.2.4.
Status: vulnerable

Apr 18, 2025

CVE, Research URL: CVE-2025-39591
Home page URL: Security reports for WP Subscription Forms – The Ultimate WordPress Subscription Form Plugin
Application: WP Subscription Forms – The Ultimate WordPress Subscription Form Plugin
Date: Apr 16, 2025
Research Description: Missing Authorization vulnerability in WP Shuffle WP Subscription Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through 1.2.3.
Affected versions: max 1.2.4.
Status: vulnerable