PT-2023-14175 · WordPress · Subscribe2

Published: 2023-01-16 · Updated: 2025-04-07 · CVE-2022-4309

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Subscribe2 WordPress plugin versions prior to 10.38

Description: The plugin performs no CSRF check when deleting users. An attacker who knows a target user's email address can therefore make a logged-in administrator delete that user via a CSRF attack.

Recommendations: For versions prior to 10.38, update to version 10.38 or later to resolve the issue. As a temporary workaround, restrict access to the user deletion functionality to reduce the risk of exploitation.
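The weakness described above, shown as an added illustration that is not Subscribe2's own code: a hypothetical WordPress admin handler that deletes a user by email address, first without any CSRF check, then with the nonce and capability checks that WordPress provides for this purpose. All function names prefixed with example_ are assumptions; the wp_* and check_admin_referer() calls are standard WordPress APIs.

```php
<?php
// Hypothetical illustration (not Subscribe2's code): an admin-side handler that
// deletes a user by e-mail address. The first function shows the weak pattern the
// advisory describes (no CSRF check); the second shows the corrected pattern.

// Weak: any POST reaching this handler is acted on. A logged-in administrator whose
// browser submits a form from another site ends up deleting the named user.
function example_delete_user_by_email_unsafe() {
    if ( empty( $_POST['delete_email'] ) ) {
        return false;
    }
    $user = get_user_by( 'email', sanitize_email( wp_unslash( $_POST['delete_email'] ) ) );
    if ( ! $user ) {
        return false;
    }
    require_once ABSPATH . 'wp-admin/includes/user.php';
    return wp_delete_user( $user->ID );
}

// Corrected: the request must carry a nonce bound to this action and to the current
// user's session, and the current user must hold the delete_users capability.
function example_delete_user_by_email_safe() {
    if ( empty( $_POST['delete_email'] ) ) {
        return false;
    }
    // CSRF check: check_admin_referer() calls wp_die() if the nonce is missing or invalid.
    check_admin_referer( 'example_delete_user_by_email', 'example_delete_nonce' );
    // Authorisation check: a nonce alone does not prove the user may delete accounts.
    if ( ! current_user_can( 'delete_users' ) ) {
        wp_die( esc_html__( 'You are not allowed to delete users.', 'example' ), 403 );
    }
    $user = get_user_by( 'email', sanitize_email( wp_unslash( $_POST['delete_email'] ) ) );
    if ( ! $user ) {
        return false;
    }
    require_once ABSPATH . 'wp-admin/includes/user.php';
    return wp_delete_user( $user->ID );
}

// The form that posts to the safe handler must emit the matching nonce field, so that
// only a form rendered by this site for this logged-in user carries a valid token.
function example_render_delete_form() {
    echo '<form method="post">';
    wp_nonce_field( 'example_delete_user_by_email', 'example_delete_nonce' );
    echo '<input type="email" name="delete_email" required>';
    submit_button( __( 'Delete user', 'example' ) );
    echo '</form>';
}
```

A request arriving without the example_delete_nonce field, or with one minted for another user or another action, is rejected by check_admin_referer() before any deletion runs.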

Related Identifiers: CVE-2022-4309

Affected Products: Subscribe2