Description
WordPress Plugin Subscribe to Comments is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Subscribe to Comments version 2.1.2 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 2.3 or latest
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (2.9.60)
WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (2.0.2)
WordPress Plugin WooCommerce-GloBee Payment Gateway Security Bypass (1.1.1)
WordPress Plugin Import/Export Customizer Settings Cross-Site Request Forgery (1.0.3)
WordPress Plugin Delete Comments By Status Multiple Cross-Site Scripting Vulnerabilities (1.5.2)