WordPress Email Subscribers and Newsletters plugin version 4.2.2 suffers from a remote SQL injection vulnerability.