PT-2022-19588 · WordPress · Subscribe To Comments Reloaded

Re-Alter +1 · Published 2022-04-29 · Updated 2022-05-10 · CVE-2022-29414

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Subscribe To Comments Reloaded plugin versions <= 211130

Description

The issue affects the Subscribe To Comments Reloaded plugin on WordPress, allowing attackers to perform various actions due to multiple Cross-Site Request Forgery (CSRF) vulnerabilities. These actions include cleaning up the Log archive, downloading system info files, modifying plugin settings, generating new keys, resetting options, and changing notification settings, among others.

Recommendations

For Subscribe To Comments Reloaded plugin versions <= 211130, consider temporarily disabling the plugin until a patch is available to prevent exploitation of the CSRF vulnerabilities. Restrict access to the management and settings pages of the plugin to minimize the risk of unauthorized changes. Avoid using the plugin's functionality for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-29414

Affected Products

Subscribe To Comments Reloaded