SecurityHome.eu Security vulnerability: WordPress Disqus 2.7.7 Cross Site Request Forgery

Home / vulnerabilities PDF

WordPress Disqus 2.7.7 Cross Site Request Forgery
Posted on 18 August 2014
Source : packetstormsecurity.org Link

Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77

CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get it right.

More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20