CVE-2026-4409

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

CVE-2026-4409 Subscribe To Comments Reloaded <= 240119 - Improper Authorization to Unauthenticated Arbitrary Subscription Management

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

WordPress plugin Subscribe To Comments Reloaded 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

EUVD-2024-49422

Malicious code in bioql PyPI...

PT-2025-30125 · WordPress · Subscribe To Comments For Wordpress

Name of the Vulnerable Software and Affected Versions: Subscribe to Comments for WordPress versions prior to 2.1.3 Description: The Subscribe to Comments for WordPress is susceptible to a Local File Inclusion issue via the Path to header value. Authenticated attackers with administrative privileg...

CVE-2024-8792

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2024-8792 Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

PT-2024-39256

Name of the Vulnerable Software and Affected Versions: Subscribe to Comments plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...

WordPress Subscribe to Comments Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)

Software Subscribe to Comments Type Plugin Vulnerable versions = 2.3 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8792 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e73a4a4fc1e2 Credits vgo0 Required...

WordPress Subscribe Comments File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Subscribe Comments File Read Vulnerability', 'Description' = %q This module exploits an authenticated directory traversal vulnerability...

CVE-2024-31249

Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725...

PT-2023-9859 · WordPress · Subscribe To Comments Plugin

Name of the Vulnerable Software and Affected Versions: Subscribe to Comments Plugin versions up to 2.0.7 Description: A problematic vulnerability was found in the Subscribe to Comments Plugin, affecting an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site...

CVE-2022-29414

Multiple 13x Cross-Site Request Forgery CSRF vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...

CVE-2022-29414

Multiple 13x Cross-Site Request Forgery CSRF vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...

WordPress plugin Subscribe To Comments Reloaded 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Subscribe To Comments Reloaded plugin 211130 and earlier versions are vulnerable to cross-site...

WordPress插件Subscribe to Comments本地文件包含漏洞

No description provided by source...

WordPress Plugin Subscribe to Comments Local File Inclusion Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Subscribe To Comments Reloaded is one of the comment subscription plugin. A local file inclusion vulnerability...

WordPress Subscribe To Comments Reloaded Plugin <= 150611 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

WordPress plugin Subscribe to Comments 'options-general.php' local file inclusion vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A local file inclusion vulnerability exists in the WordPress plugin Subscribe to Comments 'options-general.php'. Because the...

WordPress Subscribe To Comments 2.1.2 LFI / Code Execution Vulnerabilities

Exploit for php platform in category web applications Details ================ Software: Subscribe to Comments Version: 2.1.2 Homepage: http://wordpress.org/plugins/subscribe-to-comments/ Advisory report:...