cleantalk
Vulnerabilities and Security Researches

Subscribe to Comments, f69cd55925560294fe3e43bb5ca85d72219309c8

CVE, Research URL

f69cd55925560294fe3e43bb5ca85d72219309c8

Home page URL

Security reports for Subscribe to Comments

Application

Subscribe to Comments

Published on
Nov 16, 2009
Research Description
Subscribe to Comments [subscribe-to-comments] < 2.3 (closed) WordPress Subscribe to Comments Plugin 2.0 - Multiple Cross-Site Scripting Vulnerabilities Subscribe to Comments plugin is prone to a cross-site scripting. Application fails to sufficiently clean up user-supplied data. The attacker-supplied could run HTML or JavaScript code in the context of the affected site. In that way the attacker can steal cookie-based authentication credits. There are other attacks also possible.
Affected versions
Min -, max 2.3.
Status
vulnerable
Previous vulnerability researches
Subscribe To Comments Reloaded (CVE-2022-29414) , Jun 07, 2024
Subscribe To Comments Reloaded (CVE-2024-31249) , Jun 07, 2024
Subscribe To Comments Reloaded (CVE-2014-2274) , Jun 07, 2024
Subscribe to Comments (CVE-2024-8792) , Oct 31, 2024
Subscribe to Comments (f69cd55925560294fe3e43bb5ca85d72219309c8) , Jun 07, 2024
New vulnerability
Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms (CVE-2025-7696) , Jul 21, 2025
Temporarily Hidden Content (CVE-2025-7658) , Jul 21, 2025
Testimonial Post type (CVE-2025-5800) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7369) , Jul 21, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-7354) , Jul 21, 2025