CVE-2014-5347

Name of the Vulnerable Software and Affected Versions Disqus Comment System plugin versions prior to 2.76 for WordPress

Description The issue allows remote attackers to hijack the authentication of administrators for requests, conducting cross-site scripting (XSS) attacks. This is achieved via the disqus replace, disqus public key, or disqus secret key parameter to "wp-admin/edit-comments.php" in manage.php, or by resetting or deleting plugin options via the reset parameter to "wp-admin/edit-comments.php".

Recommendations For Disqus Comment System plugin versions prior to 2.76, update to version 2.76 or later to resolve the issue.