Lucene search

K
cve[email protected]CVE-2014-5347
HistoryAug 19, 2014 - 7:55 p.m.

CVE-2014-5347

2014-08-1919:55:04
CWE-352
web.nvd.nist.gov
23
cve-2014-5347
csrf
xss
disqus comment system
wordpress
plugin vulnerabilities
remote attackers
authentication hijacking
cross-site scripting
nvd

6.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

75.1%

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2) disqus_public_key, or (3) disqus_secret_key parameter to wp-admin/edit-comments.php in manage.php or that (4) reset or (5) delete plugin options via the reset parameter to wp-admin/edit-comments.php.

Affected configurations

NVD
Node
disqusdisqus_comment_systemRange2.75wordpress
OR
disqusdisqus_comment_systemMatch2.40wordpress
OR
disqusdisqus_comment_systemMatch2.41wordpress
OR
disqusdisqus_comment_systemMatch2.42wordpress
OR
disqusdisqus_comment_systemMatch2.43wordpress
OR
disqusdisqus_comment_systemMatch2.44wordpress
OR
disqusdisqus_comment_systemMatch2.45wordpress
OR
disqusdisqus_comment_systemMatch2.46wordpress
OR
disqusdisqus_comment_systemMatch2.47wordpress
OR
disqusdisqus_comment_systemMatch2.48wordpress
OR
disqusdisqus_comment_systemMatch2.49wordpress
OR
disqusdisqus_comment_systemMatch2.50wordpress
OR
disqusdisqus_comment_systemMatch2.51wordpress
OR
disqusdisqus_comment_systemMatch2.52wordpress
OR
disqusdisqus_comment_systemMatch2.53wordpress
OR
disqusdisqus_comment_systemMatch2.54wordpress
OR
disqusdisqus_comment_systemMatch2.55wordpress
OR
disqusdisqus_comment_systemMatch2.60wordpress
OR
disqusdisqus_comment_systemMatch2.61wordpress
OR
disqusdisqus_comment_systemMatch2.62wordpress
OR
disqusdisqus_comment_systemMatch2.63wordpress
OR
disqusdisqus_comment_systemMatch2.64wordpress
OR
disqusdisqus_comment_systemMatch2.65wordpress
OR
disqusdisqus_comment_systemMatch2.66wordpress
OR
disqusdisqus_comment_systemMatch2.67wordpress
OR
disqusdisqus_comment_systemMatch2.68wordpress
OR
disqusdisqus_comment_systemMatch2.69wordpress
OR
disqusdisqus_comment_systemMatch2.70wordpress
OR
disqusdisqus_comment_systemMatch2.71wordpress
OR
disqusdisqus_comment_systemMatch2.72wordpress
OR
disqusdisqus_comment_systemMatch2.73wordpress
OR
disqusdisqus_comment_systemMatch2.74wordpress

6.8 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

75.1%

Related for CVE-2014-5347