cvebase

King-Theme Kingcomposer vulnerabilities

4 known vulnerabilities affecting king-theme/kingcomposer.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 4

Vulnerabilities

CVE-2022-0165 | P3 | MEDIUM | CVSS 6.1 | PoC | ≤ 2.9.6 | 2022-03-14
[MEDIUM] CWE-601: The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users.
Source: nvd
CVE-2020-15299 | P3 | MEDIUM | CVSS 6.1 | ≤ 2.9.4 | 2020-07-09
[MEDIUM] CWE-79: A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser.
Source: nvd
CVE-2019-9910 | P4 | MEDIUM | CVSS 6.1 | v2.7.6 | 2019-03-22
[MEDIUM] CWE-79: The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.
Source: nvd
CVE-2021-25048 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.9.6 | 2022-04-04
[MEDIUM] CWE-79: The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them.
Source: nvd