cbcvebase.

Markjaquith Subscribe To Comments vulnerabilities

3 known vulnerabilities affecting markjaquith/subscribe_to_comments.

Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2015-10133P3HIGHCVSS 7.2PoC≤ 2.1.22025-07-19
CVE-2015-10133 [HIGH] CWE-98 CVE-2015-10133: The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used t
nvd
CVE-2006-10001P4MEDIUMCVSS 5.4fixed in 2.0.82023-03-05
CVE-2006-10001 [MEDIUM] CWE-79 CVE-2006-10001: A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up t A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The iden
nvd
CVE-2024-8792P4MEDIUMCVSS 6.1≤ 2.32024-10-30
CVE-2024-8792 [MEDIUM] CWE-79 CVE-2024-8792: The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due t The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user
nvd
Markjaquith Subscribe To Comments vulnerabilities | cvebase