Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Community by PeepSo – Social Network, Membership, Registration, User Profiles 6.2.6.0

  • Severity: medium-risk
  • Status: Open
  • Publication: November 24, 2023

The Community by PeepSo plugin for WordPress is vulnerable to an attack known as Reflected Cross-Site Scripting. This type of attack is possible when a user clicks on a link that has been created with malicious code. The vulnerability exists in all versions up to 6.2.6.0 and can be exploited because of the plugin’s insufficient input sanitization and output escaping. This means that unauthenticated attackers can inject arbitrary web scripts into pages that will be executed if a user clicks on the malicious link.

Detected in:

Community by PeepSo – Download from PeepSo.com fixed vulnerable versions:
Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App fixed vulnerable versions:
Community by PeepSo – Social Network, Membership, Registration, User Profiles open vulnerable versions: >= * <= 6.2.6.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.