Stored Cross-Site Scripting vulnerability in PeepSo's Social Network plugin
CVE-2024-7618

4.8 MEDIUM

Summary

The PeepSo plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping of the 'content' parameter. The vulnerability affects all versions of the plugin up to and including 6.4.5.0 and can be exploited by authenticated attackers with administrator-level access. When triggered, it allows attackers to embed malicious scripts in web pages, which execute whenever any user accesses those pages. The risk is elevated in multi-site installations and in configurations where the unfiltered_html capability is disabled, because administrators there are not otherwise permitted to post unfiltered HTML, so the plugin becomes a path to unauthorized script execution.
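The handling the summary describes as missing, shown as an added example (not PeepSo's code or its patch): a posted 'content' field is filtered on save when the user lacks unfiltered_html, and filtered again on output. It assumes it runs inside WordPress; the option key, action name and function names are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not taken from PeepSo.
// Assumes a WordPress runtime; EXAMPLE_OPTION and the example_* names are made up.

const EXAMPLE_OPTION = 'example_notice_content'; // hypothetical storage key

/**
 * Save handler for an admin form that posts a 'content' field.
 */
function example_save_content() {
    // Restrict the handler to administrators and require a valid nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_save_content' );

    $content = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';

    // On multisite, or with DISALLOW_UNFILTERED_HTML defined, site administrators
    // do not hold unfiltered_html, so their markup must pass the kses allowlist
    // (drops <script>, event-handler attributes, javascript: URLs).
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $content = wp_kses_post( $content );
    }

    update_option( EXAMPLE_OPTION, $content );
}
add_action( 'admin_post_example_save_content', 'example_save_content' );

/**
 * Render the stored value. Filtering on output also covers values that were
 * stored before the save-side check existed. If the field is meant to be
 * plain text rather than markup, use esc_html() here instead.
 */
function example_render_content() {
    $stored = (string) get_option( EXAMPLE_OPTION, '' );
    echo wp_kses_post( $stored );
}
```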

Affected Version(s)

Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App * <= 6.4.5.0

References

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tieu Pham Trong Nhan