Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Subscribe2: Unrestricted Access to Subscription Management
CVE-2026-24944
Summary
A security issue exists in Subscribe2, a plugin for managing email subscriptions. If not configured correctly, this could allow unauthorized users to access or modify subscription settings. Update to a version higher than 10.44 to fix the issue.
Original title
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
Original description
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
nvd CVSS3.1
6.5
Vulnerability type
CWE-862
Missing Authorization
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026