CVE-2015-10133

HIGH

Subscribe to Comments for WordPress <=2.1.2 - Local File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-10133. Includes Metasploit module auxiliary/scanner/http/wp_subscribe_comments_file_read.

AI-analyzed exploit summary This Metasploit module exploits an authenticated directory traversal vulnerability in the WordPress Subscribe to Comments plugin (version 2.1.2) to read arbitrary files with web server privileges. It authenticates, retrieves a nonce, and manipulates plugin settings to trigger the file read.

Description

The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This same function can also be used to execute arbitrary PHP code.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_subscribe_comments_file_read.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated directory traversal vulnerability in the WordPress Subscribe to Comments plugin (version 2.1.2) to read arbitrary files with web server privileges. It authenticates, retrieves a nonce, and manipulates plugin settings to trigger the file read.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: WordPress Subscribe to Comments plugin version 2.1.2

Auth required

Prerequisites: Valid WordPress credentials · Subscribe to Comments plugin version 2.1.2 installed

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory

https://advisories.dxw.com/advisories/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2/

Exploit, Third Party Advisory

https://packetstormsecurity.com/files/132694/

Product, Release Notes

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1198281%40subscribe-to-comments&new=1198281%40subscribe-to-comments&sfp_email=&sfph_mail=

Exploit, Mailing List

https://seclists.org/fulldisclosure/2015/Jul/71

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/f92784a7-f2b3-47f8-b03f-4e234b57e40a?source=cve

Scores

CVSS v3 7.2

EPSS 0.0139

EPSS Percentile 68.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-98

Status published

Products (2)

markjaquith/Subscribe to Comments < 2.1.2

markjaquith/subscribe_to_comments < 2.1.2

Published Jul 19, 2025

Tracked Since Feb 18, 2026