We recently found a security vulnerability in the Disqus Comment System plugin for WordPress. It could, under very specific conditions, allow an attacker to perform arbitrary remote code execution (RCE). In other words, an attacker can do anything he wants with a vulnerable website.
While the flaw itself is very dangerous, it may only be triggered on servers using WordPress with PHP version 5.1.6 or earlier. This also means that only users of WordPress 3.1.4 (or earlier) are vulnerable to it as morerecent releases don’t support these older PHP versions.
more here..........http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html
While the flaw itself is very dangerous, it may only be triggered on servers using WordPress with PHP version 5.1.6 or earlier. This also means that only users of WordPress 3.1.4 (or earlier) are vulnerable to it as morerecent releases don’t support these older PHP versions.
more here..........http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html