PT-2025-30125 · WordPress · Subscribe To Comments For Wordpress
Published
2025-07-19
·
Updated
2025-07-19
·
CVE-2015-10133
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Subscribe to Comments for WordPress versions prior to 2.1.3
Description
The Subscribe to Comments for WordPress is susceptible to a Local File Inclusion issue via the
Path to header value. Authenticated attackers with administrative privileges and above can include and execute arbitrary files on the server, potentially leading to bypass of access controls, sensitive data exposure, or code execution if images or other file types can be uploaded and included. This functionality can also be used to execute arbitrary PHP code.Recommendations
Update Subscribe to Comments for WordPress to version 2.1.3 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Subscribe To Comments For Wordpress