CVE-2015-10133
Published 2025-07-19

Priority: P3 · 52 · Severity: high · CVSS 3.1 base score: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Exploit likelihood (EPSS): 1.44%, 69.8th percentile
The Subscribe to Comments plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the 'Path to header' setting value. This allows authenticated attackers with administrative privileges or above to include and execute arbitrary files on the server, which means any PHP code in those files is executed. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and then included. The same function can also be used to execute arbitrary PHP code.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| markjaquith | subscribe_to_comments | <= 2.1.2 | — |
Detection & IOCs (extracted from sources)

Source: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb

- Monitor for LFI/directory traversal patterns in the 'Path to header' parameter of the Subscribe to Comments plugin settings, which may include sequences such as '../' to traverse directories.
- A Metasploit auxiliary scanner module exists for this vulnerability; detect scanner activity targeting WordPress sites with the module path wp_subscribe_comments_file_read.
- Exploitation requires authentication with administrative privileges or above, limiting the attack surface to compromised or malicious admin accounts.
No detection rules found.
No writeups or analysis indexed.
References

- https://advisories.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/
- https://packetstormsecurity.com/files/132694/
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1198281%40subscribe-to-comments&new=1198281%40subscribe-to-comments&sfp_email=&sfph_mail=
- https://seclists.org/fulldisclosure/2015/Jul/71
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f92784a7-f2b3-47f8-b03f-4e234b57e40a?source=cve