cleantalk
Vulnerabilities and Security Researches

Subscribe To Comments Reloaded, CVE-2014-2274

CVE, Research URL

CVE-2014-2274

Home page URL

Security reports for Subscribe To Comments Reloaded

Application

Subscribe To Comments Reloaded

Published on
Mar 20, 2018
Research Description
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.
Affected versions
Min -, max 140219.
Status
vulnerable
Previous vulnerability researches
Subscribe To Comments Reloaded (CVE-2022-29414) , Jun 07, 2024
Subscribe To Comments Reloaded (CVE-2024-31249) , Jun 07, 2024
Subscribe To Comments Reloaded (CVE-2014-2274) , Jun 07, 2024
Subscribe to Comments (CVE-2024-8792) , Oct 31, 2024
Subscribe to Comments (f69cd55925560294fe3e43bb5ca85d72219309c8) , Jun 07, 2024
New vulnerability
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7696) , Jul 21, 2025
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7369) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7354) , Jul 21, 2025