[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CSRF in Disqus for Wordpress 2.77

To: <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] CSRF in Disqus for Wordpress 2.77
From: "Voxel@Night" <voxelnight@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 16 Aug 2014 12:45:23 -0700

Disqus for Wordpress
https://wordpress.org/plugins/disqus-comment-system
Version affected: up to v2.77

CSRF allows for activation and deactivation of the plugin and syncing comments 
between Disqus servers and the WP database.
They supposedly just fixed the CSRF issues. Ugh. Sorry Nik. Even when you tell 
them about nonces they still don't get it right.

More details can be found here:
https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
Next by Date: [FD] Outlook.com for Android fails to validate server certificates
Previous by thread: [FD] Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more)
Next by thread: [FD] Outlook.com for Android fails to validate server certificates
Index(es):
- Date
- Thread