Tuesday, July 14, 2015

[FD] Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2 (WordPress plugin)

Details
================
Software: Subscribe to Comments
Version: 2.1.2
Homepage: http://ift.tt/1eTWE5E
Advisory report: http://ift.tt/1Ht2MAY
CVE: Awaiting assignment
CVSS: 8 (High; AV:N/AC:L/Au:S/C:C/I:P/A:P)

Description
================
Admin-only local file inclusion and arbitrary code execution in Subscribe to Comments 2.1.2

Vulnerability
================
Administrators can perform local file inclusion attacks, which is a privilege escalation on systems where the administrator doesn’t have control over the server. If administrators can upload PHP files (or any file which can contain “