CVE-2022-0165

Published: 14/03/2022 | Updated: 27/03/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

The Page Builder KingComposer WordPress plugin up to and including 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action, which is available to both unauthenticated and authenticated users.

Vulnerable Product

king-theme kingcomposer

Github Repositories

A PoC exploit for CVE-2022-0165 - Page Builder KingComposer WordPress Plugin - ID Parameter Validation Bypass

The Page Builder KingComposer WordPress plugin, versions up to and including 2.9.6, is susceptible to a security vulnerability that allows an attacker to bypass ID parameter validation. This could lead to unauthorized redirection of users via the kc_get_thumbn AJAX action. This vulnerabi