Cross site scripting

2023-06-0702:15:00

PRIOn knowledge base

www.prio-n.com

page builder

wordpress

cross-site scripting

stored xss

input sanitization

output escaping

authentication bypass

0.001 Low

EPSS

Percentile

39.5%

JSON

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CPENameOperatorVersion
page_builder_kingcomposerlt2.9.4

CPE	Name	Operator	Version
	page_builder_kingcomposer	lt	2.9.4

References

blog.nintechnet.com/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities/

wpsocket.com/plugin/kingcomposer/changelog/

www.wordfence.com/threat-intel/vulnerabilities/id/6447de64-b484-4f64-ad78-7df81b5a0ed7?source=cve

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for PRION:CVE-2020-36709