Unrated severityNVD Advisory· Published Aug 19, 2014· Updated May 6, 2026
CVE-2014-5347
CVE-2014-5347
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.
Affected products
32cpe:2.3:a:disqus:disqus_comment_system:2.40:*:*:*:*:wordpress:*:*+ 31 more
- cpe:2.3:a:disqus:disqus_comment_system:2.40:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.41:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.42:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.43:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.44:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.45:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.46:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.47:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.48:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.49:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.50:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.51:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.52:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.53:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.54:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.55:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.60:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.61:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.62:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.63:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.64:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.65:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.66:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.67:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.68:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.69:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.70:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.71:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.72:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.73:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:2.74:*:*:*:*:wordpress:*:*
- cpe:2.3:a:disqus:disqus_comment_system:*:*:*:*:*:wordpress:*:*range: <=2.75
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- wordpress.org/plugins/disqus-comment-system/other_notesnvdPatch
- packetstormsecurity.com/files/127852/Disqus-2.7.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.htmlnvdExploit
- www.exploit-db.com/exploits/34336nvdExploit
- www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-pluginnvdExploit
- packetstormsecurity.com/files/127847/WordPress-Disqus-2.7.5-CSRF-Cross-Site-Scripting.htmlnvd
- seclists.org/fulldisclosure/2014/Aug/35nvd
- www.securityfocus.com/bid/69205nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/95288nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/95289nvd
- gist.github.com/nikcub/cb5dc7a5464276c8424anvd
News mentions
0No linked articles in our index yet.