Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbKrzysztof ZającWPVDB-ID:906D0C31-370E-46B4-AF1F-E52FBDDD00CB
HistoryFeb 16, 2022 - 12:00 a.m.

Page Builder KingComposer <= 2.9.6 - Open Redirect

2022-02-1600:00:00
Krzysztof Zając
wpscan.com
18
page builder kingcomposer
open redirect
ajax action

EPSS

0.001

Percentile

41.5%

JSON

The plugin does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users

PoC

https://example.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&amp;id;=https://wpscan.com

Related

prion 1
githubexploit 2
nvd 1
cve 1
cvelist 1
patchstack 1
wpexploit 1
nuclei 1
prion
prion
Code injection
2022-03-14 15:15:00
githubexploit
githubexploit
Exploit for Open Redirect in King-Theme Kingcomposer
2023-08-09 11:53:18
Exploit for Open Redirect in King-Theme Kingcomposer
2024-05-29 04:00:25
nvd
nvd
CVE-2022-0165
2022-03-14 15:15:09
cve
cve
CVE-2022-0165
2022-03-14 15:15:09
cvelist
cvelist
CVE-2022-0165 Page Builder KingComposer <= 2.9.6 - Open Redirect
2022-03-14 14:41:21
patchstack
patchstack
WordPress KingComposer plugin <= 2.9.6 - Open Redirect vulnerability
2022-02-16 00:00:00
wpexploit
wpexploit
Page Builder KingComposer <= 2.9.6 - Open Redirect
2022-02-16 00:00:00
nuclei
nuclei
WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
2022-05-05 16:55:21

EPSS

0.001

Percentile

41.5%

JSON
Related for WPVDB-ID:906D0C31-370E-46B4-AF1F-E52FBDDD00CB
prion1githubexploit2nvd1cve1cvelist1patchstack1wpexploit1nuclei1