Lucene search
+L

91 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:59 a.m.10 views

CVE-2019-9910

The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS...

6.1CVSS7.1AI score0.01389EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:10 p.m.9 views

CVE-2020-36701

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...

8.8CVSS7.1AI score0.01531EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 p.m.12 views

CVE-2020-36700

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

8.8CVSS6.7AI score0.01186EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2024/05/29 4:0 a.m.546 views

Exploit for Open Redirect in King-Theme Kingcomposer

Badges !MIT Licensehttps://img.shields.io/badge/Licens...

6.1CVSS6.3AI score0.0428EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2023/10/28 12:0 a.m.7 views

The vulnerability in the admin-ajax.php plugin’s script for creating pages using the Page Builder tool of the WordPress content management system. This vulnerability allows a hacker to redirect users to an arbitrary URL address.

The vulnerability in the admin-ajax.php plugin’s page creation script, developed by KingComposer, a WordPress content management system, relates to the use of open redirection during the processing of the kcgetthumbn parameter. Exploiting this vulnerability could allow an attacker to redirect use...

7.5CVSS6.4AI score0.0428EPSS
Exploits4References6Affected Software1
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.282 views

WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting

==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.9.6 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/25 12:0 a.m.218 views

WordPress Page Builder KingComposer 2.8.1 Cross Site Scripting

==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.8.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/24 12:0 a.m.274 views

WordPress Page Builder KingComposer 2.9.6 Open Redirection

==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.9.6 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/21 12:0 a.m.289 views

WordPress Page Builder KingComposer 2.9.5 Open Redirection

==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.9.5 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

7.1AI score
Exploits0
CNVD
CNVD
added 2023/06/13 12:0 a.m.7 views

WordPress Plugin Page Builder: KingComposer Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Page Builder: KingComposer, which is caused by incorrect validation of...

5.5CVSS6.2AI score0.00642EPSS
Exploits1References1
OSV
OSV
added 2023/06/07 2:15 a.m.2 views

CVE-2020-36701

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...

8.8CVSS6AI score0.01531EPSS
Exploits1References4
NVD
NVD
added 2023/06/07 2:15 a.m.23 views

CVE-2020-36701

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...

8.8CVSS8.7AI score0.01531EPSS
Exploits1References4
OSV
OSV
added 2023/06/07 2:15 a.m.0 views

CVE-2020-36709

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...

4.8CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2023/06/07 2:15 a.m.7 views

CVE-2020-36700

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

8.8CVSS5.9AI score0.01186EPSS
Exploits1References4
Prion
Prion
added 2023/06/07 2:15 a.m.17 views

Code injection

The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...

6.5CVSS8.6AI score0.01531EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/06/07 2:15 a.m.18 views

Authorization

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

6.5CVSS8.4AI score0.01186EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.17 views

CVE-2020-36709 Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...

5.5CVSS6.1AI score0.00642EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.22 views

CVE-2020-36709 Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting

The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...

5.5CVSS5.1AI score0.00642EPSS
Exploits1References3
CVE
CVE
added 2023/06/07 1:51 a.m.37 views

CVE-2020-36709

Summary (CVE-2020-36709) : The WordPress plugin Page Builder: KingComposer is affected by a stored cross-site scripting vulnerability in versions prior to 2.9.4, caused by insufficient input sanitization and output escaping in the KingComposer shortcode. Authenticated attackers could inject arbit...

5.5CVSS4.7AI score0.00642EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/06/07 1:51 a.m.42 views

CVE-2020-36701

CVE-2020-36701 concerns the WordPress plugin Page Builder: KingComposer . The vulnerability is Arbitrary File Upload via the function process_bulk_action in kingcomposer/includes/kc.extensions.php , affecting versions up to and including 2.9.3 . authenticated users with author+ permissions can up...

8.8CVSS8.6AI score0.01531EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder