Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Community by PeepSo – Social Network, Membership, Registration, User Profiles 6.3.1.1

  • Severity: medium-risk
  • Status: Open
  • Publication: January 9, 2024

The PeepSo plugin for WordPress, called “The Community,” has a security issue called Reflected Cross-Site Scripting. This is because it uses a function called add_query_arg without properly protecting the URL. This vulnerability exists in all versions of the plugin up to and including version 6.3.1.1. This means that someone who is not logged in could potentially insert harmful code onto a webpage if they can trick a user into clicking on a link.

Detected in:

Community by PeepSo – Download from PeepSo.com fixed vulnerable versions:
Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App fixed vulnerable versions:
Community by PeepSo – Social Network, Membership, Registration, User Profiles open vulnerable versions: >= * <= 6.3.1.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.