cleantalk
Vulnerabilities and Security Researches

Subscribe2 – Form, Email Subscribers & Newsletters, CVE-2023-1844

CVE, Research URL

CVE-2023-1844

Home page URL

Security reports for Subscribe2 – Form, Email Subscribers & Newsletters

Application

Subscribe2 – Form, Email Subscribers & Newsletters

Published on
Jun 28, 2023
Research Description
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.
Affected versions
max 10.41.
Status
vulnerable
Previous vulnerability researches
Subscribe2 – Form, Email Subscribers & Newsletters (CVE-2026-24944) , Feb 28, 2026
Subscribe2 – Form, Email Subscribers & Newsletters (CVE-2014-6604) , Jun 07, 2024
Subscribe2 – Form, Email Subscribers & Newsletters (CVE-2022-4309) , Jun 07, 2024
Subscribe2 – Form, Email Subscribers & Newsletters (CVE-2023-3407) , Jun 07, 2024
Subscribe2 – Form, Email Subscribers & Newsletters (CVE-2023-1844) , Jun 07, 2024
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026