Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Kingcomposer Security Vulnerabilities - February

cve
cve

CVE-2019-9910

The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.

6.1CVSS

6.3AI Score

0.002EPSS

2019-03-22 12:29 AM
31
cve
cve

CVE-2020-15299

A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is exec...

6.1CVSS

6AI Score

0.001EPSS

2020-07-09 07:15 PM
42
cve
cve

CVE-2021-25048

The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them

5.4CVSS

5.3AI Score

0.001EPSS

2022-04-04 04:15 PM
64
cve
cve

CVE-2022-0165

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users

6.1CVSS

6.4AI Score

0.001EPSS

2022-03-14 03:15 PM
117