CVE-2014-5346

Name of the Vulnerable Software and Affected Versions Disqus Comment System plugin version 2.77

Description The issue affects the Disqus Comment System plugin, allowing remote attackers to hijack the authentication of administrators. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. The vulnerabilities enable attackers to perform actions such as activating or deactivating the plugin, importing comments via an import comments action, or exporting comments via an export comments action to wp-admin/index.php. The vulnerable endpoints include wp-admin/edit-comments.php with the active parameter.

Recommendations For Disqus Comment System plugin version 2.77, update the plugin to a version that addresses the CSRF vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.