Subscribe to Comments Plugin subscribe-to-comments.php cross site scripting
CVE-2006-10001

5.4MEDIUM

Key Information:

Vendor
Wordpress
Status
Subscribe To Comments Plugin
Vendor
CVE Published:
5 March 2023

Summary

A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability.

Affected Version(s)

Subscribe to Comments Plugin 2.0.0

Subscribe to Comments Plugin 2.0.1

Subscribe to Comments Plugin 2.0.2

References

https://vuldb.com/?id.222321
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222321
signaturepermissions-required
https://github.com/wp-plugins/subscribe-to-comments/commi...
patch

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.