Webfwd: >> Mail Subscribe List >> 1.1.2 Security Vulnerabilities
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <= 2.1.9 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-16
The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-20