Description
WordPress Plugin Email Subscribers & Newsletters is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass the subscription form using fake email accounts. WordPress Plugin Email Subscribers & Newsletters version 3.5.13 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.5.14 or latest
References
https://wordpress.org/support/topic/russian-spam-is-back-again/
https://plugins.svn.wordpress.org/email-subscribers/trunk/readme.txt