Full Disclosure mailing list archives
CSRF in Disqus for Wordpress 2.77
From: "Voxel@Night" <voxelnight () vexatioustendencies com>
Date: Sat, 16 Aug 2014 12:45:23 -0700
Disqus for Wordpress https://wordpress.org/plugins/disqus-comment-system Version affected: up to v2.77 CSRF allows for activation and deactivation of the plugin and syncing comments between Disqus servers and the WP database. They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell them about nonces they still don't get it right. More details can be found here: https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/ _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CSRF in Disqus for Wordpress 2.77 Voxel@Night (Aug 16)