The Newsletter Popup WordPress plugin up to and including 1.2 does not have CSRF check when deleting subscriber, which could allow malicious users to make logged in admins perform such action via a CSRF attack