cleantalk
Vulnerabilities and Security Researches

Subscribe To Comments Reloaded, CVE-2014-2274

CVE, Research URL

CVE-2014-2274

Home page URL

Security reports for Subscribe To Comments Reloaded

Application

Subscribe To Comments Reloaded

Published on
Mar 20, 2018
Research Description
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.
Affected versions
Min -, max 140219.
Status
vulnerable
Previous vulnerability researches
Subscribe To Comments Reloaded (CVE-2022-29414) , Jun 07, 2024
Subscribe To Comments Reloaded (CVE-2024-31249) , Jun 07, 2024
Subscribe To Comments Reloaded (CVE-2014-2274) , Jun 07, 2024
New vulnerability
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-8015) , Jul 22, 2025
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2025-54040) , Jul 22, 2025
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7696) , Jul 21, 2025
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025