A popular WordPress plugin ‘Email Subscribers & Newsletters‘ was found to have a vulnerability that could allow an unauthenticated attacker to download subscriber lists on over 100,000 WordPress websites.
The plugin bug was fixed on January 19 as part of version 3.4.8.Â
Security researcher Dominykas Gelucevicius from ThreatPress discovered the vulnerability and described to Tripwire how the security gap could be exploited.Â
Admins are encouraged to update the plugin as soon as possible to prevent loss of sensitive data.Â