Disqus Comment System vulnerabilities
3 known vulnerabilities affecting disqus/disqus_comment_system.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2014-5347P3MEDIUMCVSS 6.8PoC≤ 2.75v2.40+30 more2014-08-19
CVE-2014-5347 [MEDIUM] CWE-352 CVE-2014-5347: Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin befor
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edi
nvd
CVE-2014-5346P4MEDIUMCVSS 6.8PoCv2.772014-08-19
CVE-2014-5346 [MEDIUM] CWE-352 CVE-2014-5346: Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or
nvd
CVE-2014-5345P4MEDIUMCVSS 4.3PoC≤ 2.75v2.40+30 more2014-08-19
CVE-2014-5345 [MEDIUM] CWE-79 CVE-2014-5345: Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
nvd