Remote code execution (RCE) vulnerability has been discovered in the comment and discussion service, plugin for the most popular Blogging Platform WordPress plugin. About 1.3 million of them use the’Disqus Comment System’ plugin, making it one of the popular plugins of WordPress for web comments and discussions. The vulnerability could be triggered by a remote attacker, only if it is using following application versions on the server/website. So, it is highly recommended to those using an outdated versions of WordPress, Disqus Comment plugin 2.76 and PHP to upgrade to the latest version as soon as possible.
Source: https://thehackernews.com/2014/06/disqus-wordpress-plugin-flaw-leaves.html