CVE-2022-29414— WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-29414
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin Subscribe To Comments Reloaded 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Subscribe To Comments Reloaded 211130版本及之前版本存在跨站请求伪造漏洞。攻击者利用该漏洞可以清理日志档案、下载系统信息文件、插件系统设置、插件选项设置、生成新密钥、重置所有选项、更改通知设置、管理页面设置、评论表单设置、管理订阅—>批量更新设置、管理订阅—>添加新订阅,更新订阅,删除订阅。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| WPKube | Subscribe To Comments Reloaded (WordPress plugin) | <= 211130 ~ 211130 | - |
II. Public POCs for CVE-2022-29414
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-29414
请登录查看更多情报信息。
- https://wordpress.org/plugins/subscribe-to-comments-reloaded/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-29414
IV. Related Vulnerabilities
Same vendor: WPKube
- CVE-2026-4409
Subscribe To Comments Reloaded <= 240119 - Improper Authoriz - CVE-2025-69011
WordPress Cool Tag Cloud plugin <= 2.29 - Cross Site Scripti - CVE-2025-13614
Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored - CVE-2025-12010
Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensi - CVE-2025-58792
WordPress Authors List plugin <= 2.0.6.2 - Cross Site Reques
Same weakness: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. Comments for CVE-2022-29414
No comments yet