WordPress Disqus versions up to 2.77 suffer from multiple cross site request forgery vulnerabilities.
18ea452355661321f38453a9406d157fc2de6d549d6c0b53601bcd2c5706cd0a
Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77
CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get it right.
More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed