Subscribe To Comments Reloaded Security & Risk Analysis

wordpress.org/plugins/subscribe-to-comments-reloaded

Subscribe to Comments Reloaded allows commenters to sign up for e-mail notifications of subsequent replies. Don't miss any comment.

10K active installs · v240119 · PHP 5.6+ · WP 4.0+ · Updated Jan 19, 2024
Tags: comment, email, subscribe, subscribe-to-comments, subscribe-to-comments-reloaded
Score: 80 · B · Generally Safe
CVEs total: 4
Unpatched: 0
Last CVE: Apr 5, 2024
Safety Verdict

Is Subscribe To Comments Reloaded Safe to Use in 2026?

Mostly Safe

Score 80/100

Subscribe To Comments Reloaded is generally safe to use though it hasn't been updated recently. 4 past CVEs were resolved. Keep it updated.

4 known CVEs · Last CVE: Apr 5, 2024 · Updated 2yr ago
Risk Assessment

The subscribe-to-comments-reloaded plugin shows a generally good security posture in its latest version (v240119): most SQL goes through prepared statements (51 of 80 queries) and most output is escaped (569 of 637 outputs). No unprotected entry points, no dangerous functions, and no critically or highly tainted flows were found, which is a strong positive. However, 16 of the 21 traced data flows contain at least one unsanitized path. None of these is currently rated critical or high, but each is a potential avenue for a future vulnerability if the input is not validated before it reaches its sink, so they warrant a closer manual look.

The plugin's vulnerability history shows a pattern of sensitive information exposure, CSRF, and XSS. There are no unpatched vulnerabilities, but the past high and medium severity CVEs show that the codebase has had real weaknesses. The most recent CVE (April 2024) was fixed in the current release, 240119, and the plugin has not been updated since; any newly discovered issue would therefore need prompt attention from both maintainer and site owners.

In conclusion, subscribe-to-comments-reloaded v240119 has addressed many common security pitfalls and reflects good development practice in its current state. The primary area for improvement is sanitizing the identified unsanitized flows, and the remaining 29 raw SQL queries and 68 unescaped outputs deserve review. The vulnerability history underscores the need for continued auditing and timely updates to keep that posture.

Key Concerns

  • Multiple flows with unsanitized paths found
  • Past high severity vulnerabilities present
  • Past medium severity vulnerabilities present
  • Significant percentage of SQL not prepared
  • File operations present
  • External HTTP requests present
  • Bundled TinyMCE library
  • Bundled DataTables library
Vulnerabilities
4

Subscribe To Comments Reloaded Security Vulnerabilities

CVEs by Year

2014: 1 CVE
2015: 1 CVE
2022: 1 CVE
2024: 1 CVE

Severity Breakdown

High: 2
Medium: 2

4 total CVEs

CVE-2024-31249 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Subscribe To Comments Reloaded <= 220725 - Unauthenticated Sensitive Information Exposure

Apr 5, 2024 · Patched in 240119 (7d)

CVE-2022-29414 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Subscribe To Comments Reloaded <= 211130 - Cross-Site Request Forgery

Apr 29, 2022 · Patched in 220502 (633d)

WF-ce03e98d-7c29-405f-81bc-4a1114d9889d-subscribe-to-comments-reloaded · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Subscribe To Comments Reloaded < 150820 - Reflected Cross-Site Scripting

Aug 20, 2015 · Patched in 150820 (3078d)

CVE-2014-2274 · high · 8.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Subscribe To Comments Reloaded <= 140129 - Cross-Site Request Forgery to Cross-Site Scripting

Feb 18, 2014 · Patched in 140219 (3626d)
Code Analysis
Analyzed Mar 16, 2026

Subscribe To Comments Reloaded Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 29 (51 prepared)
Unescaped Output: 68 (569 escaped)
Nonce Checks: 15
Capability Checks: 24
File Operations: 2
External Requests: 5
Bundled Libraries: 2

Bundled Libraries

TinyMCE, DataTables

SQL Query Safety

64% prepared (51 of 80 queries)

Output Escaping

89% escaped (569 of 637 outputs)
Data Flows
16 unsanitized

Data Flow Analysis

21 flows, 16 with unsanitized paths

Flow: <panel1-add-subscription> (options\panel1-add-subscription.php:0)

[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; edges marked Unsanitized / Sanitized]
Attack Surface

Subscribe To Comments Reloaded Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[stcr_management_page] wp_subscribe_reloaded.php:93
[subscribe-url] wp_subscribe_reloaded.php:214
WordPress Hooks 32

action · plugins_loaded · classes\stcr_i18n.php:22
action · admin_init · utils\stcr_upgrade.php:714
action · admin_enqueue_scripts · utils\stcr_utils.php:613
action · wp_enqueue_scripts · utils\stcr_utils.php:636
action · comment_form · wp_subscribe_reloaded.php:69
filter · comment_form_submit_field · wp_subscribe_reloaded.php:71
action · comment_form_must_log_in_after · wp_subscribe_reloaded.php:75
action · comment_post · wp_subscribe_reloaded.php:116
action · _cron_subscribe_reloaded_purge · wp_subscribe_reloaded.php:119
action · _cron_log_file_purge · wp_subscribe_reloaded.php:120
action · plugins_loaded · wp_subscribe_reloaded.php:123
filter · the_posts · wp_subscribe_reloaded.php:150
action · wp_head · wp_subscribe_reloaded.php:153
filter · comment_text · wp_subscribe_reloaded.php:157
action · wp_footer · wp_subscribe_reloaded.php:160
action · wpmu_new_blog · wp_subscribe_reloaded.php:169
action · delete_post · wp_subscribe_reloaded.php:172
action · deleted_comment · wp_subscribe_reloaded.php:175
action · wp_set_comment_status · wp_subscribe_reloaded.php:176
filter · manage_edit-comments_columns · wp_subscribe_reloaded.php:179
action · manage_comments_custom_column · wp_subscribe_reloaded.php:180
action · admin_menu · wp_subscribe_reloaded.php:200
action · admin_print_styles-edit-comments.php · wp_subscribe_reloaded.php:201
action · admin_print_styles-edit.php · wp_subscribe_reloaded.php:202
action · in_admin_header · wp_subscribe_reloaded.php:205
action · admin_init · wp_subscribe_reloaded.php:208
action · admin_notices · wp_subscribe_reloaded.php:211
filter · plugin_action_links · wp_subscribe_reloaded.php:217
action · publish_post · wp_subscribe_reloaded.php:221
action · admin_init · wp_subscribe_reloaded.php:231
filter · duplicate_post_blacklist_filter · wp_subscribe_reloaded.php:234
action · wp_head · wp_subscribe_reloaded.php:983

Scheduled Events 3

_cron_subscribe_reloaded_system_report_file_purge
_cron_log_file_purge
_cron_subscribe_reloaded_purge
Maintenance & Trust

Subscribe To Comments Reloaded Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jan 19, 2024
PHP min version: 5.6
Downloads: 966K

Community Trust

Rating: 90/100
Number of ratings: 169
Active installs: 10K
Developer Profile

Subscribe To Comments Reloaded Developer Profile

WPKube

9 plugins · 238K total installs

Trust score: 66
Avg Security Score: 81/100
Avg Patch Time: 725 days
Detection Fingerprints

How We Detect Subscribe To Comments Reloaded

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/subscribe-to-comments-reloaded/css/stcr-admin-style.css
/wp-content/plugins/subscribe-to-comments-reloaded/js/stcr-admin-js.js
Script Paths
/wp-content/plugins/subscribe-to-comments-reloaded/js/stcr-admin-js.js
Version Parameters
subscribe-to-comments-reloaded/css/stcr-admin-style.css?ver=
subscribe-to-comments-reloaded/js/stcr-admin-js.js?ver=

HTML / DOM Fingerprints

CSS Classes
stcr-dismiss-notice
Data Attributes
data-nonce
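The following script is an added example, not code from this page or from the plugin, showing how the asset-path and version-parameter fingerprints above can be applied to a captured HTML page, and how the recovered version is then mapped against the "Patched in" versions listed in the Vulnerabilities section. It assumes the plugin's YYMMDD version stamps compare as plain integers (which they do, since they are date stamps), treats the DOM-only signals as corroborating evidence because data-nonce is a generic attribute, and uses a constructed HTML sample with the placeholder host example.invalid.

```python
import re
from typing import Optional

# Plugin slug and asset paths from the page's "Asset Fingerprints" section.
PLUGIN_SLUG = "subscribe-to-comments-reloaded"
ASSET_RE = re.compile(
    r"/wp-content/plugins/" + re.escape(PLUGIN_SLUG)
    + r"/(?:css/stcr-admin-style\.css|js/stcr-admin-js\.js)"
    + r"(?:\?ver=([\w.]+))?"
)

# (identifier, first patched version, short title) taken from the page's CVE list.
# Versions are YYMMDD date stamps, so integer comparison preserves release order.
ADVISORIES = [
    ("CVE-2024-31249", 240119, "Unauthenticated Sensitive Information Exposure"),
    ("CVE-2022-29414", 220502, "Cross-Site Request Forgery"),
    ("WF-ce03e98d-7c29-405f-81bc-4a1114d9889d-subscribe-to-comments-reloaded",
     150820, "Reflected Cross-Site Scripting"),
    ("CVE-2014-2274", 140219, "Cross-Site Request Forgery to Cross-Site Scripting"),
]


def parse_version(ver: Optional[str]) -> Optional[int]:
    """Accept only the plugin's six-digit date-stamp versions.

    WordPress substitutes its own version (e.g. '6.4.8') into ?ver= when a
    plugin enqueues an asset without one, so anything else is discarded.
    """
    if ver and ver.isdigit() and len(ver) == 6:
        return int(ver)
    return None


def fingerprint(html: str) -> dict:
    """Scan a captured HTML page for the plugin's asset and DOM fingerprints."""
    evidence = []
    version = None
    for m in ASSET_RE.finditer(html):
        evidence.append(m.group(0))
        if version is None:
            version = parse_version(m.group(1))
    # DOM fingerprint from the page; only counted alongside an asset path,
    # because a bare class name is weak evidence on its own (assumption).
    if evidence and "stcr-dismiss-notice" in html:
        evidence.append("class=stcr-dismiss-notice")
    return {"detected": bool(evidence), "version": version, "evidence": evidence}


def affected_advisories(version: int) -> list:
    """Return (identifier, title) for each advisory whose fix is newer than `version`."""
    return [(aid, title) for aid, patched_in, title in ADVISORIES if version < patched_in]


def assess(html: str) -> dict:
    """Fingerprint a page and, if a version was recovered, list outstanding advisories."""
    result = fingerprint(html)
    result["advisories"] = (
        affected_advisories(result["version"]) if result["version"] is not None else []
    )
    return result


# Constructed sample: what a page carrying the plugin's admin assets at
# version 220725 might contain. example.invalid is a placeholder host.
SAMPLE_HTML = """
<link rel='stylesheet' id='stcr-admin-style-css'
 href='https://example.invalid/wp-content/plugins/subscribe-to-comments-reloaded/css/stcr-admin-style.css?ver=220725' media='all' />
<script src='https://example.invalid/wp-content/plugins/subscribe-to-comments-reloaded/js/stcr-admin-js.js?ver=220725'></script>
<div class="notice stcr-dismiss-notice" data-nonce="0123abcd"></div>
"""

if __name__ == "__main__":
    report = assess(SAMPLE_HTML)
    print("detected:", report["detected"], "version:", report["version"])
    for aid, title in report["advisories"]:
        print(f"  {aid}: {title}")
```

Note that an asset path without a usable ?ver= value still counts as a detection but yields no version, and in that case the script reports no advisories rather than guessing; a practitioner should then confirm the version from readme.txt or the admin UI before drawing conclusions. Comparing against the "Patched in" version rather than the advisory's "<=" ceiling is deliberate: it also flags any intermediate release that shipped between the last affected version and the fix.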
FAQ

Frequently Asked Questions about Subscribe To Comments Reloaded