WordPress Page Builder KingComposer <=2.9.6 - Open Redirect

WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action which is available to both unauthenticated and authenticated users. id: CVE-2022-0165 info: name: WordPress Page Builder KingComposer =2.9.7 to...

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

CVE-2017-20274

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

EUVD-2017-19001

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

CVE-2017-20274

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

CVE-2017-20274 Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

CVE-2017-20274

CVE-2017-20274 affects Joomla LMS King Professional 3.2.4.0. It enables unauthenticated SQL injection via the cp_id parameter in index.php when using option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath, allowing manipulation of queries and extraction of sensitive database...

PT-2026-50955

Name of the Vulnerable Software and Affected Versions Joomla LMS King Professional version 3.2.4.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

CVE-2026-48870

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

EUVD-2026-36848

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

CVE-2026-48870 WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

CVE-2026-48870

CVE-2026-48870 affects the WordPress plugin King Addons for Elementor (versions

Cyber-Arena

CyberArena - Cybersecurity Challenge Platform CyberArena is a...

PT-2026-49478

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin King Addons for Elementor versions = 51.1.62...

CVE-2025-13535

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

EUVD-2025-209162

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

CVE-2025-13535

The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all versions up to, and including, 51.1.38. This is due to insufficient input sanitization and output escaping across multiple widgets and features. T...

CVE-2025-13535

CVE-2025-13535 – King Addons for Elementor (WordPress) is a DOM-Based Stored Cross-Site Scripting vulnerability affecting all versions up to 51.1.38. The root cause is inadequate input sanitization and output escaping across multiple widgets/features. The plugin uses esc_attr() and esc_url() insi...