Subscribe2 [Sensitive Data Exposure]
The Subscribe2 plugin is vulnerable because it does not check user capabilities before exporting a CSV file of subscribed users. In addition, a CSRF attack is possible against this action.
The caveat is that, in order to get data into the CSV file, an attacker must supply email addresses of users who have a valid account at the affected website. The list of email addresses must consist of valid emails separated by a comma and a Windows line separator (
The CSV file contains the username, IP and other subscription-related newsletter information.
curl -XPOST -d "email@example.com" \
  "http://wp1.dev/wp-admin/index.php"
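The two missing controls described above (a capability check and CSRF protection on the CSV export action) are the standard WordPress fix pattern. The handler below is an added illustration written for this page, not Subscribe2's own code or patch; the hook name, action name, nonce field name, required capability and the data source are assumptions.

```php
<?php
// Added illustration, not Subscribe2's code: a hypothetical admin-post handler
// that only exports subscribers to CSV after the two checks the advisory says
// are missing. Hook/action name, nonce name and capability are assumptions.

add_action( 'admin_post_s2_export_csv', 's2_export_csv_handler' );

function s2_export_csv_handler() {
    // 1. Authorisation: an unauthenticated or low-privilege user must not be
    //    able to reach the export. manage_options is the assumed requirement.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Sorry, you are not allowed to export subscribers.', 403 );
    }

    // 2. CSRF: the request must carry a nonce issued for this action to this
    //    user. check_admin_referer() ends the request if it is absent/invalid,
    //    so a forged cross-site POST cannot trigger the export.
    check_admin_referer( 's2_export_csv', '_s2nonce' );

    // Only now build and send the CSV. The data source is a hypothetical
    // filter; a real plugin would query its own subscriber table here.
    $rows = apply_filters( 's2_export_rows', array() );

    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="subscribers.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'email', 'ip', 'subscribed_on' ) );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    fclose( $out );
    exit;
}

// The admin form that submits the export must embed the matching nonce:
//   wp_nonce_field( 's2_export_csv', '_s2nonce' );
```

With both checks in place, the unauthenticated curl request shown above is rejected before any subscriber data is read.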