Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

PeepSo — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting PeepSo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PeepSo is a WordPress plugin enabling social network functionality on websites. Historically, it has faced multiple security issues with 17 CVEs recorded, commonly involving stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper access controls. Notable characteristics include its extensive user base and frequent updates addressing security findings. The plugin's popularity has made it a target for exploitation, with some vulnerabilities allowing complete site compromise. While recent versions have improved security, the historical vulnerability count remains a concern for administrators implementing this solution.

Top products by PeepSo: Community by PeepSo – Social Network, Membership, Registration, User Profiles Community by PeepSo – Download from PeepSo.com Community by PeepSo Download Community by PeepSo PeepSo Core: File Uploads PeepSo Core: Groups
CVE IDTitleCVSSSeverityPublished
CVE-2024-9017 PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description — PeepSo Core: GroupsCWE-79 6.4 Medium2025-07-03
CVE-2024-8988 PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download — PeepSo Core: File UploadsCWE-639 5.3 Medium2025-05-14
CVE-2024-11447 Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App <=7.0.3.0 - Reflected Cross-Site Scripting — Community by PeepSo – Download from PeepSo.comCWE-79 6.1 Medium2024-11-21
CVE-2024-9873 Community by PeepSo <= 6.4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Community by PeepSo – Download from PeepSo.comCWE-79 5.4 Medium2024-10-16
CVE-2024-7426 Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.6.0 - Unauthenticated Full Path Disclosure — Community by PeepSo – Download from PeepSo.comCWE-200 5.3 Medium2024-09-25
CVE-2024-7655 Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting — Community by PeepSo – Download from PeepSo.comCWE-79 4.4 Medium2024-09-10
CVE-2024-7618 Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via content Parameter — Community by PeepSo – Download from PeepSo.comCWE-79 4.4 Medium2024-09-10
CVE-2024-31251 WordPress Community by PeepSo plugin <= 6.3.1.1 - Cross Site Request Forgery (CSRF) vulnerability — Community by PeepSoCWE-352 4.3 Medium2024-04-12
CVE-2024-25923 WordPress Community by PeepSo plugin <= 6.2.7.0 - Sensitive Data Exposure via Log File vulnerability — Community by PeepSoCWE-532 5.3 Medium2024-03-28
CVE-2023-27630 WordPress Community by PeepSo plugin <= 6.0.9.0 - Server Information Disclosure — Community by PeepSoCWE-200 5.3 Medium2024-03-26
CVE-2024-22158 WordPress PeepSo Core: Photos Plugin < 6.3.1.0 is vulnerable to Cross Site Scripting (XSS) — Community by PeepSo – Social Network, Membership, Registration, User ProfilesCWE-79 6.5 Medium2024-01-31
CVE-2023-48746 WordPress Community by PeepSo Plugin <= 6.2.6.0 is vulnerable to Cross Site Scripting (XSS) — Community by PeepSo – Social Network, Membership, Registration, User ProfilesCWE-79 7.1 High2023-11-30
CVE-2023-47850 WordPress Community by PeepSo Plugin <= 6.2.2.0 is vulnerable to Cross Site Scripting (XSS) — Community by PeepSo – Social Network, Membership, Registration, User ProfilesCWE-79 6.5 Medium2023-11-30
CVE-2023-39925 WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) — Download Community by PeepSoCWE-352 5.4 Medium2023-11-22
CVE-2023-32092 WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF) — Community by PeepSo – Social Network, Membership, Registration, User ProfilesCWE-352 4.3 Medium2023-11-09
CVE-2023-25967 WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) — Community by PeepSoCWE-352 4.3 Medium2023-05-03
CVE-2022-41633 WordPress Community by PeepSo Plugin <= 6.0.2.0 is vulnerable to Cross Site Request Forgery (CSRF) — Community by PeepSo – Social Network, Membership, Registration, User ProfilesCWE-352 5.4 Medium2023-04-04

This page lists every published CVE security advisory associated with PeepSo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.