2 matches found
CVE-2020-36709 Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting
The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...
CVE-2020-36709
Summary (CVE-2020-36709) : The WordPress plugin Page Builder: KingComposer is affected by a stored cross-site scripting vulnerability in versions prior to 2.9.4, caused by insufficient input sanitization and output escaping in the KingComposer shortcode. Authenticated attackers could inject arbit...