WordPress Plugin Vulnerabilities

PeepSo Core: Photos < 6.3.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description

The PeepSo Core: Photos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to 6.3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

Plugin icon
peepso-photos
Fixed in 6.3.1.0

References

CVE
CVE-2024-22158
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/fad492f4-7112-4f4f-8825-c42aab552c9b

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.4 (medium)

Miscellaneous

Original Researcher
Bikram Kharal
Verified
No
WPVDB ID
4b311aa4-6619-419d-85bc-dcba788ce793

Timeline

Publicly Published
2024-01-16 (about 2 years ago)
Added
2024-01-19 (about 2 years ago)
Last Updated
2024-01-19 (about 2 years ago)

Other

Published
Title
Published
2021-11-29
Title
MOLIE <= 0.5 - Reflected Cross-Site Scripting
Published
2016-01-26
Title
WP Easy Gallery <= 4.1.4 - Reflected Cross-Site Scripting (XSS)
Published
2025-10-17
Title
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns < 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2020-09-09
Title
LearnPress < 3.2.7.3 - CSRF & XSS
Published
2024-06-26
Title
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce < 5.6.1- Authenticated (Contributor+) Stored Cross-Site Scripting