All issues can be triggered by unauthenticated users: - Arbitrary File Deletion - HTML injection & CSRF in email messages - Stored Cross-Site Scripting - Disclosure of subscribers' email address - Arbitrary subscriber deletion - Arbitrary plugin’s template switch