• WordPress Plugin Subscribe to Comments is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Subscribe to Comments version 2.1.2 is vulnerable; prior versions are also affected.

• Update to plugin version 2.3 or latest

• • https://security.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/
  • http://seclists.org/fulldisclosure/2015/Jul/71
  • https://packetstormsecurity.com/files/132694/WordPress-Subscribe-To-Comments-2.1.2-LFI-Code-Execution.html

• 

• CWE-22

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

• Missing Update File Inclusion

• WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)
• WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple HTML Injection Vulnerabilities (1.9.0)
• WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.20)
• WordPress 4.5.x Arbitrary File Deletion Vulnerability (4.5 - 4.5.14)
• Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3)