Input validation vulnerability in Subscribe2 – Form, Email Subscribers & Newsletters 10.40

The Subscribe2 plugin for WordPress, which is used by some website administrators, has a security vulnerability in versions 10.40 and earlier. This vulnerability means that it’s possible for attackers to send test emails to users on affected websites, with custom content, without being authenticated. The vulnerability occurs because the plugin does not properly validate any requests when sending out test emails, allowing an attacker to trick a site administrator into clicking on a malicious link.