The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.
8.8CVSS
8.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.
8.8CVSS
8.8AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0 versions.
8.8CVSS
8.8AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions.
8.8CVSS
8.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions.
8.8CVSS
8.8AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo β Social Network, Membership, Registration, User Profil...
6.5CVSS
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles allows Reflected XSS.This issue affects Community by PeepSo β Social Network, Membership, Registration, User Pro...
7.1CVSS
6.5AI Score
0.0005EPSS
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack
4.3CVSS
4.5AI Score
0.0005EPSS
The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
6.1CVSS
6AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo β Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo β Social Network, Membership, Registration, User Profil...
6.5CVSS
5.8AI Score
0.0004EPSS