Lucene search
WPScanCVELIST:CVE-2022-0165HistoryMar 14, 2022 - 2:41 p.m.
CVE-2022-0165 Page Builder KingComposer <= 2.9.6 - Open Redirect
2022-03-1414:41:21
CWE-601
WPScan
www.cve.org
1
0.001 Low
EPSS
Percentile
41.7%
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users
CNA Affected
[
{
"product": "Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "2.9.6",
"status": "affected",
"version": "2.9.6",
"versionType": "custom"
}
]
}
]Related
prion
prion
Code injection
2022-03-14 15:15:00
githubexploit
githubexploit
Exploit for Open Redirect in King-Theme Kingcomposer
2023-08-09 11:53:18
Exploit for Open Redirect in King-Theme Kingcomposer
2024-05-29 04:00:25
nvd
nvd
CVE-2022-0165
2022-03-14 15:15:09
wpvulndb
wpvulndb
Page Builder KingComposer <= 2.9.6 - Open Redirect
2022-02-16 00:00:00
wpexploit
wpexploit
Page Builder KingComposer <= 2.9.6 - Open Redirect
2022-02-16 00:00:00
patchstack
patchstack
WordPress KingComposer plugin <= 2.9.6 - Open Redirect vulnerability
2022-02-16 00:00:00
nuclei
nuclei
WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
2022-05-05 16:55:21
cve
cve
CVE-2022-0165
2022-03-14 15:15:09