The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated malicious users to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
king-theme page builder kingcomposer |