The Easy Newsletter Signups plugin for WordPress has a security flaw that allows unauthenticated attackers to delete and export subscriber lists without permission. This flaw was present in versions up to and including 1.0.4 and was due to a missing capability check on the wpesn_ltable_process_bulk_action() function.