WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Vulnerable versions
<= 211130
PSID
fa3e5c60ee5d
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Required privilege
Publicly disclosed
2022-04-29
Patchstack vPatch available since
09.12.2021
Details
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by Ex.Mi (Patchstack) in the WordPress Subscribe To Comments Reloaded plugin (versions <= 211130).
Solution
Update the WordPress Subscribe To Comments Reloaded plugin to the latest available version (at least 220502).
References
CVE-2022-29414
Plugin page