Message-ID: <CAM95LejDCnSCxnzefSdtThoFr8-YDh+49TQD-TDUVsCKjrcxwA@mail.gmail.com>
Date: Wed, 13 Aug 2014 07:21:16 +1000
From: Nik Cubrilovic <nikcub@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Multiple Vulnerabilities in Disqus for Wordpress v2.7.5

Vendor: Disqus for Wordpress - https://wordpress.org/plugins/disqus-comment-system
Code repo: https://github.com/disqus/disqus-wordpress/
Version affected: up to v2.7.5

15th most popular Wordpress plugin with 1.4M+ installs.

Three issues: CSRF in manage.php, no nonce check on settings reset or delete, and reflected XSS in upgrade.php.

Full details: https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/

Reported: June 9th 2014
Patched: June 24th 2014 in v2.7.6

Nik

--
Nik Cubrilovic - http://www.nikcub.com

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
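The two bug classes named in the advisory (a settings reset or delete that runs without a nonce check, and a request parameter reflected unescaped into a page) are both addressed by standard WordPress plugin APIs. The following is an added example, not code from the Disqus plugin or from the advisory's author; it uses a hypothetical plugin with made-up option and action names (`example_plugin_settings`, `example_reset_settings`) to show the unprotected handler next to the hardened one.

```php
<?php
// Added illustration, not the Disqus plugin's code. The plugin slug, option
// name and nonce action below are hypothetical.

// Vulnerable pattern: a state-changing action keyed only on a request
// parameter. Any page an authenticated admin visits can trigger it, because
// nothing ties the request to a form or link the plugin itself rendered.
function example_reset_settings_unsafe() {
    if ( isset( $_GET['reset'] ) ) {
        delete_option( 'example_plugin_settings' );
    }
}

// Hardened pattern: require the capability for the action, then require a
// nonce bound to this specific action. check_admin_referer() stops the
// request (WordPress shows its "link has expired" page) when the nonce is
// missing or does not match, so a cross-site request cannot reach
// delete_option().
function example_reset_settings_safe() {
    if ( ! isset( $_GET['reset'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example-plugin' ), 403 );
    }
    check_admin_referer( 'example_reset_settings' );
    delete_option( 'example_plugin_settings' );
}
add_action( 'admin_init', 'example_reset_settings_safe' );

// The reset link the plugin renders must carry the matching nonce, otherwise
// the legitimate action fails the check above. wp_nonce_url() appends it as
// the _wpnonce query argument that check_admin_referer() reads by default.
function example_reset_link() {
    $url = wp_nonce_url(
        admin_url( 'options-general.php?page=example-plugin&reset=1' ),
        'example_reset_settings'
    );
    echo '<a href="' . esc_url( $url ) . '">Reset settings</a>';
}

// Reflected XSS mitigation: never echo a request parameter raw. Normalise it
// on the way in and escape it for the context it lands in (esc_html for text
// nodes, esc_attr for attribute values, esc_url for href/src).
function example_render_status() {
    $status = isset( $_GET['status'] )
        ? sanitize_text_field( wp_unslash( $_GET['status'] ) )
        : '';
    echo '<p class="notice">' . esc_html( $status ) . '</p>';
}
```

A quick review check for either bug: grep a plugin's admin pages for `$_GET`, `$_POST` and `$_REQUEST`, and for every hit confirm that a state change is preceded by a `check_admin_referer()` / `wp_verify_nonce()` call plus a `current_user_can()` check, and that any value echoed back passes through an `esc_*()` function matching its output context.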