91 matches found
CVE-2019-9910
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS...
CVE-2020-36701
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...
CVE-2020-36700
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...
Exploit for Open Redirect in King-Theme Kingcomposer
Badges !MIT Licensehttps://img.shields.io/badge/Licens...
The vulnerability in the admin-ajax.php plugin’s script for creating pages using the Page Builder tool of the WordPress content management system. This vulnerability allows a hacker to redirect users to an arbitrary URL address.
The vulnerability in the admin-ajax.php plugin’s page creation script, developed by KingComposer, a WordPress content management system, relates to the use of open redirection during the processing of the kcgetthumbn parameter. Exploiting this vulnerability could allow an attacker to redirect use...
WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting
==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.9.6 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
WordPress Page Builder KingComposer 2.8.1 Cross Site Scripting
==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.8.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
WordPress Page Builder KingComposer 2.9.6 Open Redirection
==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.9.6 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
WordPress Page Builder KingComposer 2.9.5 Open Redirection
==================================================================================================================================== | Title : WordPress Page Builder KingComposer 2.9.5 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
WordPress Plugin Page Builder: KingComposer Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Page Builder: KingComposer, which is caused by incorrect validation of...
CVE-2020-36701
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...
CVE-2020-36701
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...
CVE-2020-36709
The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...
CVE-2020-36700
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...
Code injection
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'processbulkaction' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level...
Authorization
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...
CVE-2020-36709 Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting
The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...
CVE-2020-36709 Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting
The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...
CVE-2020-36709
Summary (CVE-2020-36709) : The WordPress plugin Page Builder: KingComposer is affected by a stored cross-site scripting vulnerability in versions prior to 2.9.4, caused by insufficient input sanitization and output escaping in the KingComposer shortcode. Authenticated attackers could inject arbit...
CVE-2020-36701
CVE-2020-36701 concerns the WordPress plugin Page Builder: KingComposer . The vulnerability is Arbitrary File Upload via the function process_bulk_action in kingcomposer/includes/kc.extensions.php , affecting versions up to and including 2.9.3 . authenticated users with author+ permissions can up...