41 matches found
WordPress Community by PeepSo plugin < 6.3.1.2 - User Post Creation via CSRF vulnerability
User Post Creation via CSRF vulnerability discovered by Bikram Kharal in WordPress Plugin Community by PeepSo versions 6.3.1.2...
EUVD-2018-13149
Malware in sbrugna...
CVE-2025-54870

| creationtimestamp | type | source |
|---|---|---|
| 2025-08-05 03:58:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvmsyyidi52q... |

GHSA-GVFX-P3H5-QF65

| creationtimestamp | type | source |
|---|---|---|
| 2025-07-10 17:35:09+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114830141628115070... |

GHSA-HGQP-3MMF-7H8F

| creationtimestamp | type | source |
|---|---|---|
| 2025-06-21 05:34:22+00:00 | seen | https://bsky.app/profile/raptor.infosec.exchange.ap.brid.gy/post/3ls3te744yuq2 |
| 2025-06-23 23:32:45+00:00 | seen | https://seclists.org/oss-sec/2025/q2/273 |
| 2025-06-23 23:32:45+00:00 | seen | ... |

CVE-2023-22453
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, the number of times a user posted in an arbitrary topic is exposed to unauthorized users through the /u/username.json endpoint. The issue...
CVE-2018-9120
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post...
CVE-2025-0444

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-04 18:57:16+00:00 | seen | https://infosec.exchange/users/cve/statuses/113947144062411419 |
| 2025-02-04 19:05:24+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113947176087524263 |
| 2025-02-04 19:15:47+00:00 | seen | ... |

CERTFR-2023-ALE-002

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-29 16:47:35+00:00 | seen | https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvgckb3nn2g... |

CVE-2023-7125
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such action via a CSRF attack...
Cross-site request forgery (CSRF)
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such action via a CSRF attack...
CVE-2023-7125 Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such action via a CSRF attack...
Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
Description: The plugin does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such action via a CSRF attack. PoC: 1. Log in as a normal user. 2. Save the content below as an HTML file. 3. Change...
Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF
Description: The plugin does not have a CSRF check when creating a user post visible on their wall in their profile page, which could allow attackers to make logged-in users perform such action via a CSRF attack. 1. Log in as a normal user. 2. Save the content below as an HTML file...
Exploit for CVE-2023-2877
CVE-2023-2877 Formidable Forms 6.3.1 - Subscriber+ Remote...
Cross-site Scripting (XSS)
backdrop/backdrop is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the lack of validation in the HTML elements when adding a post, which allows an authenticated admin attacker to inject and execute malicious JavaScript when a user views a post...
CVE-2022-4060
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible for any visitor to run code on sites running it...
CVE-2022-4060 User Post Gallery <= 2.19 - Unauthenticated RCE
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible for any visitor to run code on sites running it...