CVE-2014-5345

2022-10-0316:20:42

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.4%

JSON

Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.

References

packetstormsecurity.com/files/127847/WordPress-Disqus-2.7.5-CSRF-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Aug/35

www.securityfocus.com/bid/69205

wordpress.org/plugins/disqus-comment-system/other_notes

www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin