CVE-2014-6604

Name of the Vulnerable Software and Affected Versions Subscribe2 plugin versions prior to 10.16

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the ip parameter. This can be exploited by attackers to execute malicious scripts on the victim's browser.

Recommendations For versions prior to 10.16, update to version 10.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the class-s2-list-table.php file to minimize the risk of exploitation. Avoid using the ip parameter in the affected plugin until the issue is resolved.