CVE-2015-10133
BaseFortify

Publication date: 2025-07-19

Last updated on: 2025-07-22

Assigner: Wordfence

Description
The Subscribe to Comments plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the 'Path to header' value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included; because the included file is evaluated as PHP, the same function can also be used to execute arbitrary PHP code.
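The include pattern the description refers to, beside a hardened version, as an added illustration of CWE-98. This is not the plugin's own source; the function names, the choice to confine the value to the theme directory, and the .php-only allowlist are assumptions made for the example.

```php
<?php
// Added example illustrating the CWE-98 pattern behind this CVE. This is NOT
// the plugin's source; function names and the policy below are assumptions.

// Vulnerable pattern: an option saved on the admin settings page is handed to
// include() unchanged. Any file the web server can read is included, and PHP
// code inside it runs as the web server user. "Admin only" does not make this
// safe: it turns a WordPress role into OS-level code execution.
function render_header_vulnerable(string $path_to_header): void
{
    include $path_to_header;
}

// Hardened pattern: canonicalise, confine to one directory, allow one extension.
// Returns the resolved path, or null when the value must be rejected.
function resolve_header_path(string $path_to_header, string $allowed_dir): ?string
{
    $base = realpath($allowed_dir);
    if ($base === false || $path_to_header === '') {
        return null;
    }
    // Treat every value as relative to the allowed directory, so an absolute
    // value such as /etc/passwd becomes "<base>//etc/passwd" and does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $path_to_header);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // realpath() has already collapsed ".." and symlinks; compare with a
    // trailing separator so "/srv/theme-evil" does not pass for "/srv/theme".
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    if (strtolower(pathinfo($real, PATHINFO_EXTENSION)) !== 'php') {
        return null;
    }
    return $real;
}

function render_header_hardened(string $path_to_header, string $theme_dir): void
{
    $real = resolve_header_path($path_to_header, $theme_dir);
    if ($real === null) {
        return; // no custom header at all is better than an arbitrary include
    }
    include $real;
}

// Stand-alone demonstration on a constructed fixture in a temporary directory.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'stc-demo-' . getmypid();
mkdir($tmp . '/theme', 0700, true);
file_put_contents($tmp . '/theme/header.php', "<?php echo \"custom header\\n\";\n");
file_put_contents($tmp . '/secret.php', "<?php echo \"outside the theme directory\\n\";\n");
file_put_contents($tmp . '/theme/notes.txt', "<?php echo \"wrong extension\\n\";\n");

// One legitimate value followed by three that the hardened check must reject:
// a traversal, an absolute system path, and a non-PHP file inside the theme.
foreach (['header.php', '../secret.php', '/etc/passwd', 'notes.txt'] as $value) {
    $resolved = resolve_header_path($value, $tmp . '/theme');
    printf("%-16s -> %s\n", $value, $resolved === null ? 'REJECTED' : 'allowed');
}
render_header_hardened('header.php', $tmp . '/theme');    // legitimate value
render_header_hardened('../secret.php', $tmp . '/theme'); // traversal attempt

// Remove the fixture.
array_map('unlink', [$tmp . '/theme/header.php', $tmp . '/secret.php', $tmp . '/theme/notes.txt']);
rmdir($tmp . '/theme');
rmdir($tmp);
```

The important property is that the check runs on the canonicalised path, not on the string the administrator typed: `realpath()` resolves `..` and symlinks before the prefix comparison, which is what a naive `strpos($value, '..')` filter misses. Confining the value to the theme directory still lets an administrator include any `.php` file already there, so the hardening limits the blast radius rather than removing the trust placed in the admin role.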
Meta Information
Published: 2025-07-19
Last Modified: 2025-07-22
Generated: 2026-05-06
AI Q&A: 2025-07-19
EPSS Evaluated: 2026-05-05
External records: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: wordpres | Product: subscribe_to_comments | Version / Range: 2.1.2
CWE
CWE-98: The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects the Subscribe to Comments WordPress plugin (version 2.1.2 and earlier). The 'Path to header' option is passed to a PHP include without restriction, so an authenticated administrator can point it at any file the web server can read (Local File Inclusion). If the included file contains PHP, that code runs as the web server user. In practice this lets an attacker who holds, or has taken over, a WordPress administrator account move from a WordPress role to executing code on the underlying server, read files outside the web root, and bypass access controls. [1, 2]


How can this vulnerability impact me?

If exploited, this vulnerability allows an attacker with administrative access to execute arbitrary PHP code on the server. That goes beyond what the WordPress administrator role normally grants: the attacker can read files such as wp-config.php that hold database credentials, bypass access controls, and establish persistence that survives a WordPress password reset. It can compromise the confidentiality, integrity, and availability of the affected system. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Start with the version: any site running Subscribe to Comments 2.1.2 or earlier is affected regardless of its settings. Then inspect the plugin settings at /wp-admin/options-general.php?page=stc-options; a 'Path to header' value pointing outside the theme directory (for example /etc/passwd, or a file under the uploads directory) is either misconfiguration or evidence of tampering. The proof of concept is: set 'Path to header' to a local file, enable 'Use custom style for Subscription Manager', update the options, then request /?wp-subscription-manager=1 to trigger the inclusion. For after-the-fact detection, search web server logs for requests to /?wp-subscription-manager=1 and for accesses to the settings page, and check backups or option history for changes to the plugin settings. Note that /?wp-subscription-manager=1 is also the plugin's normal subscription-manager page, so a hit on that URL alone is not proof of exploitation; the interesting sequence is a settings-page access followed shortly by a manager request from the same client. Specific commands are not provided in the resources. [1, 2]
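A small PHP CLI script that performs the two checks just described (plugin version, then access-log indicators), added here as an example and not taken from the page's sources. The plugin main-file path (the wordpress.org slug is assumed to be subscribe-to-comments), the combined access-log format, and the sample inputs are all assumptions or constructed data.

```php
<?php
// Added detection helper for this CVE; not from the advisory's sources.
// Assumptions: combined log format, the plugin slug used in the usage comment,
// and the constructed sample header/log lines used when no files are given.

const LAST_VULNERABLE_VERSION = '2.1.2';

// Extract "Version:" from a WordPress plugin main-file header block.
function plugin_version_from_header(string $plugin_source): ?string
{
    return preg_match('/^[\s\*]*Version:\s*(\S+)/mi', $plugin_source, $m) ? $m[1] : null;
}

function is_vulnerable_version(string $version): bool
{
    return version_compare($version, LAST_VULNERABLE_VERSION, '<=');
}

// Flag access-log lines matching the two indicators from the advisory:
//   settings_page    - the page where 'Path to header' is stored
//   manager_trigger  - the front-end URL that performs the include
function scan_access_log(array $lines): array
{
    $hits = [];
    foreach ($lines as $i => $line) {
        // client ident user [time] "METHOD target PROTO" status ...
        if (!preg_match('/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})/', $line, $m)) {
            continue; // not a combined-format request line
        }
        [, $client, $user, $when, $method, $target, $status] = $m;
        $path = (string) parse_url($target, PHP_URL_PATH);
        parse_str((string) parse_url($target, PHP_URL_QUERY), $query);

        $type = null;
        if (preg_match('#/wp-admin/options-general\.php$#', $path) && ($query['page'] ?? '') === 'stc-options') {
            $type = 'settings_page';
        } elseif (($query['wp-subscription-manager'] ?? '') === '1') {
            $type = 'manager_trigger';
        }
        if ($type !== null) {
            $hits[] = ['line' => $i + 1, 'type' => $type, 'client' => $client, 'user' => $user,
                       'when' => $when, 'method' => $method, 'status' => (int) $status];
        }
    }
    return $hits;
}

// Usage: php stc-check.php [plugin-main-file.php] [access.log]
// e.g. wp-content/plugins/subscribe-to-comments/subscribe-to-comments.php (assumed slug)
$plugin_file = $argv[1] ?? null;
$log_file    = $argv[2] ?? null;

// Constructed sample inputs so the script runs offline without a site or log.
$plugin_src = $plugin_file !== null
    ? (string) file_get_contents($plugin_file)
    : "<?php\n/*\nPlugin Name: Subscribe to Comments\nVersion: 2.1.2\n*/\n";
$log_lines = $log_file !== null
    ? (file($log_file, FILE_IGNORE_NEW_LINES) ?: [])
    : [
        '203.0.113.7 - - [19/Jul/2025:10:01:02 +0000] "GET /wp-admin/options-general.php?page=stc-options HTTP/1.1" 200 9911 "-" "Mozilla/5.0"',
        '203.0.113.7 - - [19/Jul/2025:10:01:40 +0000] "GET /?wp-subscription-manager=1 HTTP/1.1" 200 1842 "-" "Mozilla/5.0"',
        '198.51.100.2 - - [19/Jul/2025:10:02:00 +0000] "GET /?p=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    ];

$version = plugin_version_from_header($plugin_src);
printf("plugin version: %s -> %s\n", $version ?? 'unknown',
    $version !== null && is_vulnerable_version($version) ? 'VULNERABLE (<= 2.1.2)' : 'not in the affected range');
foreach (scan_access_log($log_lines) as $h) {
    printf("line %d: %-15s %s by %s from %s at %s (HTTP %d)\n",
        $h['line'], $h['type'], $h['method'], $h['user'], $h['client'], $h['when'], $h['status']);
}
```

The version check is the authoritative signal; the log scan only narrows where to look. Because the manager URL is served to ordinary subscribers as well, treat a `settings_page` hit followed within minutes by a `manager_trigger` from the same client as the sequence worth investigating, and confirm by reading the stored 'Path to header' value directly rather than from the log alone.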


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the Subscribe to Comments WordPress plugin to version 2.3 or later, where this vulnerability has been fixed. Until the upgrade is applied, restrict administrative access to trusted users only, protect those accounts with strong passwords and two-factor authentication, review the current 'Path to header' value for anything outside the theme directory, and monitor for changes to the plugin settings and for requests to the /?wp-subscription-manager=1 endpoint. [1, 2]

