NVD

Id
33046  
Name
CVE-2014-5347  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-08-19  
Modified Date
2014-08-20  
Seq
2014-5347  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
173375 33046 CVE-2014-5347 http://packetstormsecurity.com/files/127847/WordPress-Disqus-2.7.5-CSRF-Cross-Site-Scripting.html  View
173376 33046 CVE-2014-5347 http://packetstormsecurity.com/files/127852/Disqus-2.7.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html  View
173377 33046 CVE-2014-5347 20140812 Multiple Vulnerabilities in Disqus for Wordpress v2.7.5  View
173378 33046 CVE-2014-5347 34336  View
173379 33046 CVE-2014-5347 69205  View
173380 33046 CVE-2014-5347 disqus-wordpress-manage-csrf(95288)  View
173381 33046 CVE-2014-5347 disqus-wordpress-nonce-sec-bypass(95289)  View
173382 33046 CVE-2014-5347 https://gist.github.com/nikcub/cb5dc7a5464276c8424a  View
173383 33046 CVE-2014-5347 https://wordpress.org/plugins/disqus-comment-system/other_notes  View
173384 33046 CVE-2014-5347 https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14984 JVNDB-2014-003859 WordPress 用 Disqus Comment System プラグインにおけるクロスサイトリクエストフォージェリの脆弱性 WordPress 用 Disqus Comment System プラグインには、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2014-5347 72636 CVE-2014-5347 33046 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003859.html 2014-06-24 2014-08-21 View