CVE-2022-0165

🗓️ 14 Mar 2022 14:41:21Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 173 Views🌐 WEB

The KingComposer WordPress plugin through 2.9.6 has a validation flaw

Reporter	Title	Published	Views	Family All 17
GithubExploit	Exploit for Open Redirect in King-Theme Kingcomposer	29 May 202404:00	–	githubexploit
GithubExploit	Exploit for Open Redirect in King-Theme Kingcomposer	9 Aug 202311:53	–	githubexploit
ATTACKERKB	CVE-2022-0165	14 Mar 202215:15	–	attackerkb
BDU FSTEC	The vulnerability in the admin-ajax.php plugin’s script for creating pages using the Page Builder tool of the WordPress content management system. This vulnerability allows a hacker to redirect users to an arbitrary URL address.	28 Oct 202300:00	–	bdu_fstec
Circl	CVE-2022-0165	14 Mar 202217:18	–	circl
CNNVD	WordPress plugin 输入验证错误漏洞	14 Mar 202200:00	–	cnnvd
CNVD	WordPress Page Builder KingComposer plugin access control error vulnerability	16 Mar 202200:00	–	cnvd
Cvelist	CVE-2022-0165 Page Builder KingComposer <= 2.9.6 - Open Redirect	14 Mar 202214:41	–	cvelist
Nuclei	WordPress Page Builder KingComposer <=2.9.6 - Open Redirect	28 Jun 202603:02	–	nuclei
NVD	CVE-2022-0165	14 Mar 202215:15	–	nvd

NVD

Vulners

Node

king-theme kingcomposerRange≤2.9.6wordpress

[
  {
    "product": "Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.9.6",
        "status": "affected",
        "version": "2.9.6",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb

Parameter	Position	Path	Description	CWE
id	query param	/wp-admin/admin-ajax.php	Unvalidated id parameter in kc_get_thumbn AJAX action allows redirect to arbitrary URL.	CWE-601

17 Jun 2026 04:20Current

7.3High risk

Vulners AI Score7.3

CVSS 25.8

CVSS 3.16.1

EPSS0.0428

CWE-601