54 matches found

RedhatCVE
added 6 days ago · 5 views

CVE-2026-4409

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

6.5 CVSS · 5.6 AI score · 0.00094 EPSS
Exploits 0 · References 1

Patchstack
added 2026/05/05 3:26 p.m. · 3 views

WordPress Subscribe To Comments Reloaded plugin <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management vulnerability

Improper Authorization to Unauthenticated Arbitrary Subscription Management vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Subscribe To Comments Reloaded versions <= 240119...

6.5 CVSS · 5.8 AI score · 0.00094 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2026/05/05 3:15 a.m. · 4 views

CVE-2026-4409

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

6.5 CVSS · 0.00094 EPSS
Exploits 0 · References 4

Vulnrichment
added 2026/05/05 2:26 a.m. · 4 views

CVE-2026-4409 Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

6.5 CVSS · 5.9 AI score · 0.00094 EPSS
Exploits 0 · References 4

CNNVD
added 2026/05/05 12:00 a.m. · 5 views

WordPress plugin Subscribe To Comments Reloaded information disclosure vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.5 CVSS · 5.8 AI score · 0.00094 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2006-1003

Malware in sbrugna...

5.4 CVSS · 4.7 AI score · 0.00306 EPSS
Exploits 0 · References 5

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-49422

Malicious code in bioql PyPI...

6.1 CVSS · 6.5 AI score · 0.02325 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2024-29145

Malicious code in bioql PyPI...

7.5 CVSS · 8.8 AI score · 0.00757 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/07/19 9:23 a.m. · 1 view

CVE-2015-10133 Subscribe to Comments <= 2.1.2 - Local File Inclusion

The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the...

7.2 CVSS · 8.1 AI score · 0.57909 EPSS
Exploits 1 · References 5

CNNVD
added 2025/07/19 12:00 a.m. · 2 views

WordPress plugin Subscribe to Comments security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.2 CVSS · 5.9 AI score · 0.57909 EPSS
Exploits 1 · References 6

Positive Technologies
added 2025/07/19 12:00 a.m. · 1 view

PT-2025-30125 · WordPress · Subscribe To Comments For Wordpress

Name of the Vulnerable Software and Affected Versions: Subscribe to Comments for WordPress versions prior to 2.1.3 Description: The Subscribe to Comments for WordPress is susceptible to a Local File Inclusion issue via the Path to header value. Authenticated attackers with administrative privileg...

7.2 CVSS · 7.6 AI score · 0.57909 EPSS
Exploits 1 · References 8

RedhatCVE
added 2025/05/23 7:40 a.m. · 3 views

CVE-2024-31249

Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725...

7.5 CVSS · 8.6 AI score · 0.00757 EPSS
Exploits 0 · References 1

OSV
added 2024/10/30 3:15 a.m. · 2 views

CVE-2024-8792

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS · 5.9 AI score · 0.02325 EPSS
Exploits 0 · References 3

NVD
added 2024/10/30 3:15 a.m. · 14 views

CVE-2024-8792

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS · 0.02325 EPSS
Exploits 0 · References 3

Cvelist
added 2024/10/30 2:32 a.m. · 14 views

CVE-2024-8792 Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS · 0.02325 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/10/30 2:32 a.m. · 7 views

CVE-2024-8792 Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS · 6.4 AI score · 0.02325 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/10/30 12:00 a.m. · 4 views

PT-2024-39256

Name of the Vulnerable Software and Affected Versions: Subscribe to Comments plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...

6.1 CVSS · 6 AI score · 0.02325 EPSS
Exploits 0 · References 8

Patchstack
added 2024/10/29 8:26 p.m. · 3 views

WordPress Subscribe to Comments plugin <= 2.3 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Subscribe to Comments versions <= 2.3...

6.1 CVSS · 6.3 AI score · 0.02325 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/10/29 12:00 a.m. · 6 views

WordPress Subscribe to Comments Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Software Subscribe to Comments Type Plugin Vulnerable versions <= 2.3 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8792 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e73a4a4fc1e2 Credits vgo0 Required...

6.1 CVSS · 5.6 AI score · 0.02325 EPSS
Exploits 0 · References 3 · Affected Software 1

Packet Storm
added 2024/09/01 12:00 a.m. · 200 views

WordPress Subscribe Comments File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Subscribe Comments File Read Vulnerability', 'Description' = %q This module exploits an authenticated directory traversal vulnerability...

7.4 AI score
Exploits 0