WordPress · Subscribe2 · CVE-2014-6604
**Name of the Vulnerable Software and Affected Versions**
Subscribe2 plugin versions prior to 10.16
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `ip` parameter. This can be exploited by attackers to execute malicious scripts on the victim's browser.
**Recommendations**
For versions prior to 10.16, update to version 10.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the `class-s2-list-table.php` file to minimize the risk of exploitation. Avoid using the `ip` parameter in the affected plugin until the issue is resolved.