CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725. The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 220725 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files.

• https://patchstack.com/database/vulnerability/subscribe-to-comments-reloaded/wordpress-subscribe-to-comments-reloaded-plugin-220725-sensitive-data-exposure-vulnerability?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-532: Insertion of Sensitive Information into Log File

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.

• https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscribe-to-comments-reloaded-140129
• https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-352: Cross-Site Request Forgery (CSRF)