EUVD-2006-1003

Malware in sbrugna...

CVE-2024-8792

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2024-8792 Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting

The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Cross site scripting

A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading t...

CVE-2006-10001

CVE-2006-10001 affects the WordPress plugin “Subscribe to Comments” up to version 2.0.7, where an issue in the file subscribe-to-comments.php enables cross-site scripting. The vulnerability can be triggered remotely, with the impact described as causing client-side script execution. A fix is avai...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via a request to the...