PT-2025-45171 · WordPress · Easy Email Subscription

Published: 2025-11-06 · Updated: 2025-11-06 · CVE-2025-10683

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Easy Email Subscription plugin for WordPress versions up to and including 1.3

Description

The Easy Email Subscription plugin for WordPress is susceptible to SQL Injection via the uid parameter. This is due to inadequate input sanitization and insufficient preparation of SQL queries. An authenticated attacker with Administrator-level access or higher can inject additional SQL queries into existing ones, potentially allowing them to extract sensitive information from the database.

Recommendations

Update Easy Email Subscription plugin to a version newer than 1.3.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2025-10683

Affected Products

Easy Email Subscription