Tanay Lakhani

#51485 of 53,779
4.3 CVSS total
Vulnerabilities · 1
PT-2018-4288
4.3
2018-03-29
WordPress · Subscribe2 · CVE-2014-6604
**Name of the Vulnerable Software and Affected Versions**

Subscribe2 plugin versions prior to 10.16

**Description**

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `ip` parameter. This can be exploited by attackers to execute malicious scripts on the victim's browser.

**Recommendations**

For versions prior to 10.16, update to version 10.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the `class-s2-list-table.php` file to minimize the risk of exploitation. Avoid using the `ip` parameter in the affected plugin until the issue is resolved.