Lucene search
K
King-themeKingcomposer

4 matches found

CVE
CVE
added 2022/03/14 2:41 p.m.176 views

CVE-2022-0165

Summary: WordPress Page Builder KingComposer plugin (versions ≤ 2.9.6) has an open redirect caused by a lack of validation of the id parameter in the kc_get_thumbn AJAX action, which is accessible to both unauthenticated and authenticated users. Impact: attackers can redirect users to malicious s...

6.1CVSS7.3AI score0.0428EPSS
Web
CVE
CVE
added 2022/04/04 3:35 p.m.89 views

CVE-2021-25048

The CVE-2021-25048 entry concerns the WordPress KingComposer plugin (versions up to 2.9.6). The vulnerability is a stored cross-site scripting (XSS) flaw resulting from missing authorization checks, CSRF protection, and input sanitisation when creating profiles, allowing any authenticated user to...

5.4CVSS5.3AI score0.00627EPSS
Web
CVE
CVE
added 2020/07/09 6:13 p.m.68 views

CVE-2020-15299

The CVE-2020-15299 entry is a real XSS flaw in the WordPress KingComposer plugin, affecting versions up to 2.9.4. The vulnerability allows remote attackers to lure a user into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (kc-online-preset-data) that is exe...

6.1CVSS6AI score0.4696EPSS
CVE
CVE
added 2019/03/21 11:1 p.m.51 views

CVE-2019-9910

The CVE-2019-9910 entry concerns the WordPress KingComposer plugin, version 2.7.6, which is affected by a cross-site scripting (XSS) vulnerability via the wp-admin/admin.php?page=kc-mapper id parameter. Multiple connected sources corroborate the vulnerability in KingComposer 2.7.6 and describe it...

6.1CVSS6.3AI score0.01389EPSS
Web