A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin up to and including 2.9.4 for WordPress allows remote malicious users to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
king-theme kingcomposer |