Kingcomposer Security Vulnerabilities and Issues — Kingcomposer CVE List

Lucene search

King-themeKingcomposer

4 matches found

CVE•added 2022/03/14 3:15 p.m.•138 views

CVE-2022-0165

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users

6.1CVSS7.3AI score0.52255EPSS

CVE•added 2022/04/04 4:15 p.m.•74 views

CVE-2021-25048

The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them

5.4CVSS5.3AI score0.00435EPSS

CVE•added 2020/07/09 7:15 p.m.•53 views

CVE-2020-15299

A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is exec...

6.1CVSS6AI score0.01472EPSS

CVE•added 2019/03/22 12:29 a.m.•41 views

CVE-2019-9910

The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.

6.1CVSS6.3AI score0.00243EPSS