CVE-2014-5346

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:disqus:disqus_comment_system:2.77:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 02:11

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2014/Aug/46 - () http://seclists.org/fulldisclosure/2014/Aug/46 -
References () https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77 - Exploit () https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77 - Exploit

Information

Published : 2014-08-19 19:55

Updated : 2024-11-21 02:11


NVD link : CVE-2014-5346

Mitre link : CVE-2014-5346

CVE.ORG link : CVE-2014-5346


JSON object : View

Products Affected

disqus

  • disqus_comment_system
CWE
CWE-352

Cross-Site Request Forgery (CSRF)