CVE-2014-2274

Name of the Vulnerable Software and Affected Versions Subscribe To Comments Reloaded plugin versions prior to 140219

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via a request to the "subscribe-to-comments-reloaded/options/index.php" page to "wp-admin/admin.php".

Recommendations For versions prior to 140219, update the Subscribe To Comments Reloaded plugin to version 140219 or later to resolve the issue. As a temporary workaround, consider restricting access to the subscribe-to-comments-reloaded/options/index.php page to minimize the risk of exploitation.