Subscribe2 – Form, Email Subscribers & Newsletters, CVE-2022-4309
- CVE, Research URL
- Published on
- Jan 16, 2023
- Research Description
- The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack.
- Affected versions
-
max 8.1.
- Status
-
vulnerable