Vulmon
kingcomposer vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-0165
The Page Builder KingComposer WordPress plugin up to and including 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users
King-theme Kingcomposer
1 Github repository
6.1
CVSSv3
CVE-2020-15299
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin up to and including 2.9.4 for WordPress allows remote malicious users to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-pre...
King-theme Kingcomposer
5.4
CVSSv3
CVE-2021-25048
The KingComposer WordPress plugin up to and including 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them
King-theme Kingcomposer
6.1
CVSSv3
CVE-2019-9910
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.
King-theme Kingcomposer 2.7.6
8.8
CVSSv3
CVE-2020-36700
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated malicious users to...
King-theme Page Builder Kingcomposer
4.8
CVSSv3
CVE-2020-36709
The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions prior to 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated malicious users to inject arbitrary w...
King-theme Page Builder Kingcomposer
8.8
CVSSv3
CVE-2020-36701
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authent...
King-theme Page Builder King Composer