Lucene search
K

91 matches found

NVD
NVD
added 2026/06/30 6:16 a.m.10 views

CVE-2026-12349

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...

5.3CVSS0.00239EPSS
Exploits0References6
CVE
CVE
added 2026/06/30 4:30 a.m.18 views

CVE-2026-12349

The CVE-2026-12349 entry concerns the WordPress plugin Premium Addons for KingComposer (versions up to and including 1.1.1). It describes missing authorization and capability checks on two AJAX handlers, add_custom_sidebar() and remove_custom_sidebar(), which are exposed via wp_ajax_nopriv_* and ...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 4:30 a.m.6 views

EUVD-2026-40252

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...

5.3CVSS5.9AI score0.00239EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/29 4:17 p.m.6 views

WordPress Premium Addons for KingComposer plugin <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Premium Addons for KingComposer versions = 1.1.1...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.11 views

CVE-2022-0165

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users...

6.1CVSS6.7AI score0.0428EPSS
Exploits4References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-7296

Malware in sbrugna...

6.1CVSS6.2AI score0.4696EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11960

Malware in sbrugna...

5.4CVSS5.4AI score0.00627EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-24151

Malware in sbrugna...

5.5CVSS5.3AI score0.00642EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-19265

Malware in sbrugna...

6.1CVSS6.3AI score0.01389EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-24142

Malware in sbrugna...

8.8CVSS8.6AI score0.01186EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-24143

Malware in sbrugna...

8.8CVSS8.6AI score0.01531EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24753

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/16 11:25 a.m.4 views

CVE-2025-49036

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...

8.1CVSS5.9AI score0.00434EPSS
Exploits0References1
NVD
NVD
added 2025/08/14 11:15 a.m.3 views

CVE-2025-49036

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...

8.1CVSS0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 10:34 a.m.11 views

CVE-2025-49036 WordPress Premium Addons for KingComposer Plugin <= 1.1.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...

8.1CVSS0.00434EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.1 views

CVE-2025-49036 WordPress Premium Addons for KingComposer Plugin <= 1.1.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...

8.1CVSS5.3AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.3 views

PT-2025-33176 · WordPress · Octagonwebstudio Premium Addons For Kingcomposer

Name of the Vulnerable Software and Affected Versions: octagonwebstudio Premium Addons for KingComposer versions through 1.1.1 Description: A flaw exists in the file handling mechanism within octagonwebstudio Premium Addons for KingComposer, allowing for PHP Local File Inclusion. This issue stems...

8.1CVSS6.4AI score0.00434EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.3 views

WordPress plugin Premium Addons for KingComposer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.1CVSS6.4AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:29 p.m.7 views

CVE-2021-25048

The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them...

5.4CVSS6.2AI score0.00627EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.7 views

CVE-2020-36709

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...

5.5CVSS5.8AI score0.00642EPSS
Exploits1References1
Rows per page
Query Builder