Description
WordPress Plugin Subscribe to Comments is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Subscribe to Comments version 2.1.2 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 2.3 or latest
References
Related Vulnerabilities
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2506)
WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.24.0)
WordPress Plugin Custom Post Type Relations Cross-Site Scripting (1.0)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4569)
Oracle Database Server Improper Authentication Vulnerability (CVE-2012-3137)