91 matches found
CVE-2026-12349
The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...
CVE-2026-12349
The CVE-2026-12349 entry concerns the WordPress plugin Premium Addons for KingComposer (versions up to and including 1.1.1). It describes missing authorization and capability checks on two AJAX handlers, add_custom_sidebar() and remove_custom_sidebar(), which are exposed via wp_ajax_nopriv_* and ...
EUVD-2026-40252
The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and including, 1.1.1. This is due to missing authorization and capability checks on the addcustomsidebar and removecustomsidebar AJAX handlers, both of which are...
WordPress Premium Addons for KingComposer plugin <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Premium Addons for KingComposer versions = 1.1.1...
CVE-2022-0165
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action available to both unauthenticated and authenticated users...
EUVD-2020-7296
Malware in sbrugna...
EUVD-2021-11960
Malware in sbrugna...
EUVD-2020-24151
Malware in sbrugna...
EUVD-2019-19265
Malware in sbrugna...
EUVD-2020-24142
Malware in sbrugna...
EUVD-2020-24143
Malware in sbrugna...
EUVD-2025-24753
Malicious code in bioql PyPI...
CVE-2025-49036
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...
CVE-2025-49036
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...
CVE-2025-49036 WordPress Premium Addons for KingComposer Plugin <= 1.1.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...
CVE-2025-49036 WordPress Premium Addons for KingComposer Plugin <= 1.1.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...
PT-2025-33176 · WordPress · Octagonwebstudio Premium Addons For Kingcomposer
Name of the Vulnerable Software and Affected Versions: octagonwebstudio Premium Addons for KingComposer versions through 1.1.1 Description: A flaw exists in the file handling mechanism within octagonwebstudio Premium Addons for KingComposer, allowing for PHP Local File Inclusion. This issue stems...
WordPress plugin Premium Addons for KingComposer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2021-25048
The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them...
CVE-2020-36709
The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...