Description
WordPress Plugin Email Subscribers & Newsletters is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Email Subscribers & Newsletters version 3.4.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.8 or latest
References
https://blog.threatpress.com/vulnerability-email-subscribers-plugin/
https://www.exploit-db.com/exploits/43872/
https://plugins.svn.wordpress.org/email-subscribers/trunk/readme.txt