Subscribe2 Project Subscribe2 — known CVE vulnerabilities
Every CVE whose affected-product data names Subscribe2 Project Subscribe2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2014-6604 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote…
CVE-2023-1844 — CVSS 4.3 (medium): The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when…
CVE-2023-3407 — CVSS 4.3 (medium): The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to…
CVE-2022-4309 — CVSS 3.1 (low): The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in…