CVE-2022-29414

Subscribe To Comments Reloaded <= 211130 - Cross-Site Request Forgery

highCross-Site Request Forgery (CSRF)

8.8

CVSS Score

8.8

CVSS Score

high

Severity

220502

Patched in

633d

Time to patch

Description

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

High

Confidentiality

High

Integrity

High

Availability

Technical Details

Affected versions<=211130

PublishedApril 29, 2022

Last updatedJanuary 22, 2024

Affected pluginsubscribe-to-comments-reloaded

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/5be2c2e7-f982-410d-a5dc-f3ef976dff02?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database