VYPR

Subscribe to Comments

by WordPress

CVEs (2)

  • CVE-2015-10133HigJul 19, 2025
    risk 0.50cvss 7.2epss 0.01

    The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the…

  • CVE-2024-8792MedOct 30, 2024
    risk 0.40cvss 6.1epss 0.00

    The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject…