Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Subscribe To Comments Reloaded Project | Subscribe To Comments Reloaded | <= 140204 |
Related Weaknesses (CWE)
References
- https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscExploitThird Party Advisory
- https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developersThird Party Advisory
- https://security.dxw.com/advisories/stored-xss-and-csrf-vulnerabilities-in-subscExploitThird Party Advisory
- https://wordpress.org/plugins/subscribe-to-comments-reloaded/#developersThird Party Advisory
FAQ
What is CVE-2014-2274?
CVE-2014-2274 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requ...
How severe is CVE-2014-2274?
CVE-2014-2274 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2274?
Check the references section above for vendor advisories and patch information. Affected products include: Subscribe To Comments Reloaded Project Subscribe To Comments Reloaded.