CVE-2014-5346 in Comment SystemИнформация

Сводка

по MITRE

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to wp-admin/edit-comments.php, (3) import comments via an import_comments action, or (4) export comments via an export_comments action to wp-admin/index.php.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Резервировать

19.08.2014

Раскрытие

19.08.2014

Модерация

принято

Вход

VDB-70667

Эксплойт

Скачать

EPSS

0.02670

KEV

Нет

Деятельности

Очень низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!