Feedblitz Email Subscription

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-11994	WordPress Feedblitz Email Subscription	Hig	0.47	7.2	0.00	Nov 12, 2025	The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-31745	WordPress Feedblitz Email Subscription	Med	0.42	6.5	0.01	Apr 1, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This issue affects Subscription Form for Feedblitz: from n/a through <= 1.0.9.
CVE-2025-10691	WordPress Feedblitz Email Subscription	Med	0.28	4.3	0.00	Nov 6, 2025	The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the show_editsub_page() function. This makes it possible for unauthenticated attackers to delete arbitrary subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2025-11994HigNov 12, 2025
WordPress
Feedblitz Email Subscription
risk 0.47cvss 7.2epss 0.00
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-31745MedApr 1, 2025
WordPress
Feedblitz Email Subscription
risk 0.42cvss 6.5epss 0.01
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This issue affects Subscription Form for Feedblitz: from n/a through <= 1.0.9.
CVE-2025-10691MedNov 6, 2025
WordPress
Feedblitz Email Subscription
risk 0.28cvss 4.3epss 0.00
The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the show_editsub_page() function. This makes it possible for unauthenticated attackers to delete arbitrary subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.