There are several cross-site request forgery (CSRF) vulnerabilities in the Disqus WordPress Plugin, version 2.77.
Let’s start with the technical details, then I’ll get to the commentary.
Three settings in the admin interface lack nonces. By exploiting this, you can activate or deactivate the plugin, and import or export comments between your WordPress database and Disqus.
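For reference, this is how a state-changing admin setting is normally protected with a WordPress nonce. It is an added example, not code from the Disqus plugin or from the original post; the `example_*` names, the `state` field and the settings page slug are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not taken from the Disqus plugin.
// 'example_toggle', 'example_nonce' and 'example_plugin_active' are made-up names.

// Render the settings form with a nonce tied to this action and the logged-in user.
function example_render_toggle_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_toggle" />
        <?php wp_nonce_field( 'example_toggle', 'example_nonce' ); ?>
        <select name="state">
            <option value="on">Active</option>
            <option value="off">Inactive</option>
        </select>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Handle the state change: POST only, capability check, then nonce check.
function example_handle_toggle() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed', '', array( 'response' => 405 ) );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Stops the request with a 403 if the nonce is missing, expired or wrong,
    // which is what a forged cross-site request cannot supply.
    check_admin_referer( 'example_toggle', 'example_nonce' );

    $state = isset( $_POST['state'] ) ? sanitize_key( wp_unslash( $_POST['state'] ) ) : '';
    if ( ! in_array( $state, array( 'on', 'off' ), true ) ) {
        wp_die( 'Invalid state', '', array( 'response' => 400 ) );
    }
    update_option( 'example_plugin_active', 'on' === $state ? 1 : 0 );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
}
add_action( 'admin_post_example_toggle', 'example_handle_toggle' );
```

The same pattern applies to import and export actions: any handler that changes state or moves data should verify both the capability and the nonce before doing work.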
More here: https://vexatioustendencies.com/csrf-in-disqus-wordpress-plugin-v2-77/