The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites. A remote, unauthenticated attacker can exploit the flaw to send forged emails to all recipients. The flaw (CVE-2020-5780) ranks 7.5 out of 10 on the CVSS scale, making it high severity. The issue stems from an email forgery/spoofing vulnerability in the class-es-newsletters.php class.
Source: https://threatpost.com/wordpress-plugin-flaw/159172/