QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2550

Published: Mar 19, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disable_comments_settings page to wp-admin/options-general.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

disable-comments-wordpress-csrf(92219)

vdb-entry

x_refsource_XF

https://security.dxw.com/advisories/csrf-in-disable-comments-1-0-3/

x_refsource_MISC

https://wordpress.org/plugins/disable-comments/#developers

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.