Security Advisory

CVE-2022-0165

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-14 14:41:21

Last updated 2024-08-02 23:18:41

Assigner WPScan

State PUBLISHED

Description

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users

← Browse all CVEs View on cve.org ↗