Description
WordPress Plugin Email Subscribers & Newsletters is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Email Subscribers & Newsletters version 3.4.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.8 or latest
References
https://blog.threatpress.com/vulnerability-email-subscribers-plugin/
https://www.exploit-db.com/exploits/43872/
https://plugins.svn.wordpress.org/email-subscribers/trunk/readme.txt
Related Vulnerabilities
Jboss EAP CVE-2016-5018 Vulnerability (CVE-2016-5018)
Premmerce Product Filter for WooCommerce Security Bypass (3.1.2)
WordPress Landing Pages Cross-Site Scripting (2.2.4)
Custom Fields Search by BestWebSoft Cross-Site Scripting (1.3.1)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3195)