WordPress Plugin Vulnerabilities

Subscribe To Comments Reloaded < 220502 - Multiple CSRF

Description

The plugin does not have CSRF checks in various actions, which could allow attackers to make a logged in admin reset all options, change the plugin's settings etc via CSRF attacks

Affects Plugins

Plugin icon
subscribe-to-comments-reloaded
Fixed in 220502

References

CVE
CVE-2022-29414

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Ex.Mi
Verified
Yes
WPVDB ID
bbe4a02d-0a19-453f-a5ec-82696f612a60

Timeline

Publicly Published
2022-04-29 (about 4 years ago)
Added
2022-04-30 (about 4 years ago)
Last Updated
2022-05-02 (about 4 years ago)

Other

Published
Title
Published
2022-09-14
Title
Advanced Dynamic Pricing for WooCommerce < 4.1.4 - Settings Update via CSRF
Published
2025-05-15
Title
Salon booking system < 10.17 - Cross-Site Request Forgery to Arbitrary Post/Page Deletion
Published
2025-06-27
Title
WP Permalink Translator <= 1.7.6 - Cross-Site Request Forgery
Published
2023-11-01
Title
Funnelforms Free < 3.4.2 - Cross-Site Request Forgery to Arbitrary Post Duplication
Published
2024-08-12
Title
Backup and Restore WordPress <= 1.50 - Cross-Site Request Forgery