WordPress Disqus Comment System Plugin Multiple Security Vulnerabilities

Bugtraq ID:	69205
Class:	Input Validation Error
CVE:	CVE-2014-5345 CVE-2014-5347
Remote:	Yes
Local:	No
Published:	Aug 12 2014 12:00AM
Updated:	Aug 21 2014 12:14AM
Credit:	Nik Cubrilovic
Vulnerable:
Not Vulnerable:

WordPress Disqus Comment System Plugin Multiple Security Vulnerabilities

The Disqus Comment System plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and multiple cross-site request-forgery vulnerabilities.

An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or perform unauthorized actions. Other attacks may also be possible.

Disqus Comment System 2.75 and prior are vulnerable.

WordPress Disqus Comment System Plugin Multiple Security Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI or visiting a malicious website.

WordPress Disqus Comment System Plugin Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

WordPress Disqus Comment System Plugin Multiple Security Vulnerabilities

References: