CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2274

Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2014-2274

Subscribe To Comments Reloaded Project » Subscribe To Comments Reloaded » Version: 140128

cpe:2.3:a:subscribe_to_comments_reloaded_project:subscribe_to_comments_reloaded:140128
Subscribe To Comments Reloaded Project » Subscribe To Comments Reloaded » Version: 140129

cpe:2.3:a:subscribe_to_comments_reloaded_project:subscribe_to_comments_reloaded:140129
Subscribe To Comments Reloaded Project » Subscribe To Comments Reloaded » Version: 140204

cpe:2.3:a:subscribe_to_comments_reloaded_project:subscribe_to_comments_reloaded:140204

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2274

Products

Pricing

Contact Us