3 matches found
CVE-2014-2550
Cross-site request forgery CSRF vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disablecommentssettings page to wp-admin/options-general.php...
CVE-2014-2550
Cross-site request forgery CSRF vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disablecommentssettings page to wp-admin/options-general.php...
CVE-2014-2550
The CVE-2014-2550 entry concerns a CSRF vulnerability in the WordPress Disable Comments plugin prior to v1.0.4. The vulnerability allows remote attackers to hijack administrator authentication by issuing requests to the disable_comments_settings page (wp-admin/options-general.php) to enable comme...