WordPress Plugin Vulnerabilities

Subscribe to Comments < 2.3 - Authenticated Local File Inclusion

Description

The Subscribe to Comments WordPress plugin was affected by an Authenticated Local File Inclusion security vulnerability.

Affects Plugins

Plugin icon
subscribe-to-comments
Fixed in 2.3

References

URL
auxiliary/scanner/http/wp_subscribe_comments_file_read
URL
https://packetstormsecurity.com/files/#132694/
URL
https://advisories.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/
URL
https://seclists.org/fulldisclosure/2015/Jul/71

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
b02ba932-743e-4d16-a78e-48c38ff7a7c2

Timeline

Publicly Published
2015-07-14 (about 10 years ago)
Added
2015-07-15 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2024-04-05
Title
WordPress Gallery Exporter <= 1.3 - Authenticated (Administrator+) Arbitrary File Download
Published
2025-08-17
Title
Filr < 1.2.11 - Authenticated (Contributor+) Arbitrary File Deletion
Published
2023-12-26
Title
Ultimate Addons for Beaver Builder < 1.35.14 - Contributor+ Arbitrary File Download
Published
2023-12-27
Title
JVM rich text icons < 1.2.7 - Subscriber+ Arbitrary File Deletion
Published
2023-12-28
Title
Product Feed Manager < 7.3.16 - Authenticated (Admin+) Directory Traversal