Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

CSRF in Disqus for Wordpress 2.77

From: "Voxel@Night" <voxelnight () vexatioustendencies com>
Date: Sat, 16 Aug 2014 12:45:23 -0700

Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77

CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP 
database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get 
it right.

More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: