CVE-2014-5345
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0229 (2.3%)
Percentile: 84.8%
EPSS: 2026-05-06
Affects
disqus:disqus_comment_systemTechnical description
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
Published: 8/19/2014, 7:55:04 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://packetstormsecurity.com/files/127847/WordPress-Disqus-2.7.5-CSRF-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2014/Aug/35
- http://www.securityfocus.com/bid/69205
- https://wordpress.org/plugins/disqus-comment-system/other_notes
- https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin
- http://packetstormsecurity.com/files/127847/WordPress-Disqus-2.7.5-CSRF-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2014/Aug/35
- http://www.securityfocus.com/bid/69205