The KingComposer WordPress plugin up to and including 2.9.6 lacks authorisation and CSRF checks, and does not sanitise or escape input, when creating a profile. This allows any authenticated user to create arbitrary profiles containing Cross-Site Scripting payloads.
Vulnerable Product |
---|
king-theme kingcomposer |