Subscribe To Comments Reloaded WordPress Plugin Improper Authorization Vulnerability Allowing Unauthenticated Subscription Management

Vulnerability

A vulnerability exists in the Subscribe To Comments Reloaded WordPress plugin, in all versions up to and including 240119. The issue stems from a secret key that is leaked in public page output and a weak algorithm for generating authorization keys; together these allow unauthenticated attackers to manipulate comment subscription preferences for any user. Exploitation involves extracting the global key from a public post page, forging authorization keys from it, and then using those keys to manage subscription settings.
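The two root causes named above, a key readable from a public page and a key-generation scheme that can be reproduced once that key is known, are exactly what a subscription-link token scheme has to avoid: the secret must stay server-side, and the token must be an HMAC over the subscriber, post, action and an expiry, so knowing one token or the token format does not let anyone mint another. The PHP below is an added example written for this advisory and is not code from the Subscribe To Comments Reloaded plugin; the function names, the seven-day lifetime and the in-memory secret stub (a real plugin would persist the secret with the WordPress options API) are assumptions made for the example.

```php
<?php
// Added example, not plugin code: an authorization-token scheme for
// subscription-management links that does not share the advisory's root causes.
// Assumptions: function names, the TTL and the in-memory secret stub.

const STCR_EXAMPLE_TOKEN_TTL = 7 * 24 * 3600; // seven days, chosen for this example

/** Server-side secret. Never rendered into a page; a plugin would store it
 *  once with update_option() and read it with get_option(). */
function stcr_example_secret(): string {
    static $secret = null;                      // stub: regenerated per process
    if ($secret === null) {
        $secret = random_bytes(32);             // 256-bit, from the CSPRNG
    }
    return $secret;
}

/** Build a token bound to subscriber, post, action and expiry time. */
function stcr_example_make_token(string $email, int $post_id, string $action, int $expires): string {
    $payload = implode('|', [strtolower($email), $post_id, $action, $expires]);
    $mac     = hash_hmac('sha256', $payload, stcr_example_secret());
    // Standard base64; rawurlencode() it when placing it in a link.
    return base64_encode($payload . '|' . $mac);
}

/** Verify a token; returns the bound fields on success, null on any failure. */
function stcr_example_verify_token(string $token, int $now): ?array {
    $decoded = base64_decode($token, true);     // strict: reject stray characters
    if ($decoded === false) {
        return null;
    }
    $parts = explode('|', $decoded);
    if (count($parts) !== 5) {
        return null;                            // wrong shape, do not guess
    }
    [$email, $post_id, $action, $expires, $mac] = $parts;
    if (!ctype_digit($post_id) || !ctype_digit($expires)) {
        return null;
    }
    $payload  = implode('|', [$email, $post_id, $action, $expires]);
    $expected = hash_hmac('sha256', $payload, stcr_example_secret());
    // Constant-time comparison; a plain == leaks which byte first differs.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    if ((int) $expires < $now) {
        return null;                            // valid MAC but expired
    }
    return ['email' => $email, 'post_id' => (int) $post_id, 'action' => $action];
}

// Usage: issue a link token, then verify it and a tampered copy.
$token = stcr_example_make_token('reader@example.com', 42, 'unsubscribe', time() + STCR_EXAMPLE_TOKEN_TTL);
$ok    = stcr_example_verify_token($token, time());

// Rebinding the token to another subscriber without the secret fails the MAC check.
$tampered = base64_encode(str_replace('reader@example.com', 'other@example.com', base64_decode($token, true)));
$rejected = stcr_example_verify_token($tampered, time());

var_dump($ok !== null, $rejected === null);
```

The design point is that every field an unsubscribe or preference-change handler acts on (who, which post, which action, until when) is covered by the MAC, so the handler only trusts the decoded fields after `hash_equals` succeeds, and the only material needed to forge a token is the secret, which never leaves the server.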

Impact

Exploitation of this vulnerability allows for unauthorized changes to comment subscription preferences, potentially leading to misuse of the subscription management features of the plugin.

Reproduction

The vulnerability can be reproduced by accessing a public post page with the Subscribe To Comments Reloaded plugin active. The global key can be extracted from the page, and then used to forge authorization keys. With the forged keys, subscription preferences can be managed for any user.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.

Added: May 5, 2026, 3:33 AM
Updated: May 5, 2026, 3:33 AM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 3.1
exploitability: 8.9
remediation: 0.0
relevance: 7.5
threat: 4.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.