Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that activate or deactivate the plugin via the “active” parameter to wp-admin/edit-comments.php.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
disqus comment system | le | 2.77 |