Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Community by PeepSo – Social Network, Membership, Registration, User Profiles 6.0.9.0

  • Severity: medium-risk
  • Status: Open
  • Publication: May 12, 2023

The Community by PeepSo plugin for WordPress is vulnerable to a security flaw. In versions up to and including 6.0.9.0, attackers who are not logged into the site can create a link that tricks the site administrator into performing an action. This link could be used to duplicate user fields on the site without permission. It is caused by missing or incorrect nonce validation on the duplicate_field() function.

Detected in:

Community by PeepSo – Download from PeepSo.com fixed vulnerable versions:
Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App fixed vulnerable versions:
Community by PeepSo – Social Network, Membership, Registration, User Profiles open vulnerable versions: >= * <= 6.0.9.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.