CVE-2015-10133

{"id": "CVE-2015-10133", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2025-07-19T10:15:23.227", "references": [{"url": "https://advisories.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/", "tags": ["Exploit", "Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://packetstormsecurity.com/files/132694/", "tags": ["Exploit", "Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1198281%40subscribe-to-comments&new=1198281%40subscribe-to-comments&sfp_email=&sfph_mail=", "tags": ["Product", "Release Notes"], "source": "security@wordfence.com"}, {"url": "https://seclists.org/fulldisclosure/2015/Jul/71", "tags": ["Exploit", "Mailing List"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f92784a7-f2b3-47f8-b03f-4e234b57e40a?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-98"}]}], "descriptions": [{"lang": "en", "value": "The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. This same function can also be used to execute arbitrary PHP code."}, {"lang": "es", "value": "Subscribe to Comments de WordPress es vulnerable a la inclusi\u00f3n de archivos locales en versiones hasta la 2.1.2 incluida a trav\u00e9s del valor del encabezado \"Path to\". Esto permite a atacantes autenticados, con privilegios administrativos o superiores, incluir y ejecutar archivos arbitrarios en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en dichos archivos. Esto puede usarse para eludir los controles de acceso, obtener datos confidenciales o ejecutar c\u00f3digo cuando se pueden subir e incluir im\u00e1genes y otros tipos de archivos \"seguros\". Esta misma funci\u00f3n tambi\u00e9n puede usarse para ejecutar c\u00f3digo PHP arbitrario."}], "lastModified": "2025-12-23T15:58:31.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:markjaquith:subscribe_to_comments:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1C68F2B4-9F2A-48E0-9D90-A8124D6C78F3", "versionEndIncluding": "2.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}