Kingcomposer

kingcomposer

Vendor: King Theme • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-25048 1King Theme 1Kingcomposer Nov 21, 2024 Apr 4, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payl...Show more The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in themShow less
CVE-2022-0165 1King Theme 1Kingcomposer Nov 21, 2024 Mar 14, 2022 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated user...Show more The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated usersShow less
CVE-2020-15299 1King Theme 1Kingcomposer Nov 21, 2024 Jul 9, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base6...Show more A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser.Show less
CVE-2019-9910 1King Theme 1Kingcomposer Jun 17, 2026 Mar 22, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.