[Bug] Plugin is vulnerable to Broken Access Control #25
Description
To be published on Dec 8, 2025
Ticket ID: 307748
We want to report a vulnerability discovered in Subscribe2 – Form, Email Subscribers & Newsletters WordPress plugin discovered by security researcher chokri hammedi.
The original report is available here: https://vdp.patchstack.com/database/report-preview/fb6d27d8-4fd0-4ac6-b967-592ef91ac3f1/preview, and the PIN code to access the report information is here: qYkWjdNkksbF1jlQ
For general tips on how to patch a vulnerability, take a look here: https://patchstack.com/articles/common-plugin-vulnerabilities-how-to-fix-them/