WordPress Plugin Vulnerabilities

Subscribe2 < 10.16 - XSS

Description

The Subscribe2 – Form, Email Subscribers & Newsletters WordPress plugin was affected by a XSS security vulnerability.

Affects Plugins

Plugin icon
subscribe2
Fixed in 10.16

References

CVE
CVE-2014-6604
URL
http://barmat.io/blog/2014/10/01/stored-xss-vulnerability-in-the-wordpress-plugin-subscribe2/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
e0959ce1-23ea-4599-aca4-6a3511b21886

Timeline

Publicly Published
2014-10-01 (about 11 years ago)
Added
2019-08-26 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-07
Title
DoFollow Case by Case < 3.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-01-16
Title
Mobigate <= 1.0.3 - Reflected Cross-Site Scripting
Published
2024-09-11
Title
amCharts: Charts and Maps < 1.4.5 - Reflected Cross-Site Scripting via Cross-Site Request Forgery
Published
2025-06-10
Title
The Events Calendar < 6.13.2.1 - Contributor+ DOM-Based Stored XSS
Published
2023-10-31
Title
Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS