6 matches found
CVE-2022-0165
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users...
Exploit for Open Redirect in King-Theme Kingcomposer
Badges !MIT Licensehttps://img.shields.io/badge/Licens...
Exploit for Open Redirect in King-Theme Kingcomposer
CVE-2022-0165 - Page Builder KingComposer WordPress Plugin - I...
CVE-2022-0165
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users...
CVE-2022-0165 Page Builder KingComposer <= 2.9.6 - Open Redirect
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users...
CVE-2022-0165
Summary: WordPress Page Builder KingComposer plugin (versions ≤ 2.9.6) has an open redirect caused by a lack of validation of the id parameter in the kc_get_thumbn AJAX action, which is accessible to both unauthenticated and authenticated users. Impact: attackers can redirect users to malicious s...