11 matches found
CVE-2025-7058
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
EUVD-2025-203215
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-7058
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-7058 Kingcabs <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-7058
CVE-2025-7058 affects the WordPress theme Kingcabs. The vulnerability is a Stored Cross‑Site Scripting (XSS) in the progressbarLayout parameter present in versions up to 1.1.9. Exploitation requires authenticated access at Contributor level or higher ; an attacker can inject scripts that execute ...
CVE-2025-7058 Kingcabs <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress plugin Kingcabs 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-51082
The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress Kingcabs plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via progressbarLayout Parameter vulnerability discovered by Peter Thaleikis in WordPress Theme Kingcabs versions = 1.1.9...
WordPress Kingcabs plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter vulnerability
Software : Kingcabs Type : Theme Vulnerable versions : = 1.1.9 Fixed in : 1.1.10 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-7058 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID :...
WordPress Kingcabs Theme <= 1.1.6 is vulnerable to Broken Access Control
Software Kingcabs Type Theme Vulnerable versions = 1.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-32959 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 2d230f2e2cbf Credits Dave Jong Patchstack Required...