Code injection

2022-03-1415:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

41.7%

JSON

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users

CPENameOperatorVersion
kingcomposerle2.9.6

CPE	Name	Operator	Version
	kingcomposer	le	2.9.6

References

wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb

0.001 Low

EPSS

Percentile

41.7%

JSON

Related for PRION:CVE-2022-0165