Cross-Site Request Forgery Vulnerability in Easy Email Subscription Plugin for WordPress
CVE-2025-10691
4.3MEDIUM
What is CVE-2025-10691?
The Easy Email Subscription plugin for WordPress has a vulnerability that allows unauthorized attackers to leverage Cross-Site Request Forgery through improper nonce validation in the show_editsub_page() function. By tricking a site administrator into performing actions, such as clicking on a crafted link, an attacker could delete arbitrary subscribers, compromising the integrity of the subscription list.
Affected Version(s)
Easy Email Subscription * <= 1.3