🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Subscribe2 – Form, Email Subscribers & Newsletters

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Subscribe2 – Form, Email Subscribers & Newsletters

Information

Software Type	Plugin
Software Slug	subscribe2 (view on wordpress.org)
Software Status	Active
Software Author	wedevs
Software Website	getwemail.io
Software Downloads	2,393,100
Software Active Installs	20,000
Software Record Last Updated	May 3, 2024

8 Vulnerabilities

Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout

4.3

CVE-2024-32110

Apr 11, 2024

Researcher: Dhabaleshwar Das

Subscribe2 <= 10.40 - Cross-Site Request Forgery

4.3

CVE-2023-3407

Jun 26, 2023

Researcher: Marco Wotschka

Subscribe2 <= 10.40 - Missing Authorization

4.3

CVE-2023-1844

Jun 26, 2023

Researcher: Marco Wotschka

Subscribe2 <= 10.37 - Cross-Site Request Forgery

7.1

CVE-2022-4309

Dec 22, 2022

Researcher: WPScanTeam

Appsero <= 1.2.1 - Missing Authorization

4.3

CVE ID Unknown

Dec 16, 2022

Researchers:

Appsero <= 1.2.0 - Cross-Site Request Forgery

4.3

CVE-2022-47150

Dec 14, 2022

Researcher: István Márton

Subscribe2 – Form, Email Subscribers & Newsletters <= 10.15 - Stored Cross-Site Scripting

6.1

CVE-2014-6604

Oct 1, 2014

Researcher: Matt Barry

Subscribe2 – Form, Email Subscribers & Newsletters < 8.1 - Multiple Cross-Site Scripting

7.1

CVE ID Unknown

Aug 1, 2014

Researchers: Heine Pedersen, Torben Jensen

Title	CVE ID	CVSS	Researchers	Date
Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout	CVE-2024-32110	4.3	Dhabaleshwar Das	April 11, 2024
Subscribe2 <= 10.40 - Cross-Site Request Forgery	CVE-2023-3407	4.3	Marco Wotschka	June 26, 2023
Subscribe2 <= 10.40 - Missing Authorization	CVE-2023-1844	4.3	Marco Wotschka	June 26, 2023
Subscribe2 <= 10.37 - Cross-Site Request Forgery	CVE-2022-4309	7.1	WPScanTeam	December 22, 2022
Appsero <= 1.2.1 - Missing Authorization		4.3		December 16, 2022
Appsero <= 1.2.0 - Cross-Site Request Forgery	CVE-2022-47150	4.3	István Márton	December 14, 2022
Subscribe2 – Form, Email Subscribers & Newsletters <= 10.15 - Stored Cross-Site Scripting	CVE-2014-6604	6.1	Matt Barry	October 1, 2014
Subscribe2 – Form, Email Subscribers & Newsletters < 8.1 - Multiple Cross-Site Scripting		7.1	Heine Pedersen, Torben Jensen	August 1, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation