Full Disclosure mailing list archives
Multiple Vulnerabilities in Disqus for Wordpress v2.7.5
From: Nik Cubrilovic <nikcub () gmail com>
Date: Wed, 13 Aug 2014 07:21:16 +1000
Vendor: Disqus for Wordpress - https://wordpress.org/plugins/disqus-comment-system
Code repo: https://github.com/disqus/disqus-wordpress/
Version affected: up to v2.7.5

15th most popular Wordpress plugin with 1.4M+ installs.

Three issues: CSRF in manage.php, no nonce check on settings reset or delete and reflected XSS in upgrade.php.

Full details: https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/

Reported: June 9th 2014
Patched: June 24th 2014 in v2.7.6

Nik

--
Nik Cubrilovic - http://www.nikcub.com

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/