WordPress Plugin Vulnerabilities

Subscribe2 – Form, Email Subscribers & Newsletters < 10.41 - Missing Access Controls

Description

The vulnerability allows any Author leveled users to perform actions that only an administrator should be allowed to do (e.g., sending unsolicited e-mail to users).

Affects Plugins

Plugin icon
subscribe2
Fixed in 10.41

References

CVE
CVE-2023-1844

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
e4605545-ca60-469d-8931-202593673d78

Timeline

Publicly Published
2023-06-26 (about 2 years ago)
Added
2023-06-29 (about 2 years ago)
Last Updated
2023-06-29 (about 2 years ago)

Other

Published
Title
Published
2025-10-16
Title
Acknowledgify < 1.1.4 - Missing Authorization
Published
2024-11-11
Title
Pie Register Premium < 3.8.3.3 - Missing Authorization
Published
2022-11-01
Title
WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Deletion
Published
2026-02-03
Title
Optimize More! – Images <= 1.1.3 - Missing Authorization
Published
2025-08-21
Title
WP Mailgun SMTP <= 1.0.7 - Missing Authorization