CVE-2014-5346

Disqus Comment System - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php.

Exploits (1)

exploitdb WORKING POC
htmlwebappsphp
https://www.exploit-db.com/exploits/34336

References (2)

Scores

EPSS 0.0024
EPSS Percentile 46.9%

Details

CWE
CWE-352
Status published
Products (1)
disqus/disqus_comment_system 2.77
Published Aug 19, 2014
Tracked Since Feb 18, 2026