Stored Cross-Site Scripting vulnerability in PeepSo's Social Network plugin
CVE-2024-7618
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 10 September 2024
Summary
The PeepSo plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) attacks due to insufficient input sanitization and output escaping of the 'content' parameter. This vulnerability affects all versions of the plugin up to and including version 6.4.5.0 and can be exploited by authenticated attackers with administrator-level access. When triggered, the vulnerability allows attackers to embed malicious scripts in web pages, and those scripts execute whenever any user accesses the affected pages. The risk is elevated in multi-site installations and configurations where the unfiltered_html option is disabled, increasing the potential for unauthorized script execution.
Affected Version(s)
Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App * <= 6.4.5.0