cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-36709,https://securityvulnerability.io/vulnerability/CVE-2020-36709,Stored Cross-Site Scripting in KingComposer Plugin for WordPress,"The KingComposer plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in shortcodes. This allows authenticated attackers to craft malicious scripts that can be injected into web pages. When users access these compromised pages, the injected scripts are executed, potentially leading to unauthorized actions or data exposure.",Wordpress,Page Builder: Kingcomposer – Free Drag And Drop Page Builder By King-theme,5.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,false,false,2023-06-07T01:51:23.813Z,0
CVE-2020-36701,https://securityvulnerability.io/vulnerability/CVE-2020-36701,Arbitrary File Upload Vulnerability in KingComposer Plugin for WordPress,"The KingComposer plugin for WordPress, versions up to and including 2.9.3, contains a vulnerability that allows authenticated users with author level permissions and higher to upload arbitrary files. This occurs through the 'process_bulk_action' function located in 'kingcomposer/includes/kc.extensions.php'. Such file uploads pose a significant risk as they can potentially lead to remote code execution on the server, compromising the integrity and security of the website.",Wordpress,Page Builder: Kingcomposer – Free Drag And Drop Page Builder By King-theme,8.8,HIGH,0.003100000089034438,false,,false,false,false,,false,false,2023-06-07T01:51:18.346Z,0
CVE-2020-36700,https://securityvulnerability.io/vulnerability/CVE-2020-36700,Authorization Bypass in KingComposer Plugin for WordPress,"The KingComposer plugin for WordPress is susceptible to an authorization bypass due to a leaked security nonce on the '/wp-admin/index.php' page. This vulnerability allows authenticated attackers to manipulate WordPress settings, remove files and folders, and inject malicious content into affected sites. Successful exploitation of this flaw could lead to significant security breaches on WordPress installations utilizing this plugin.",Wordpress,Page Builder: Kingcomposer – Free Drag And Drop Page Builder By King-theme,8.8,HIGH,0.0026700000744313,false,,false,false,false,,false,false,2023-06-07T01:51:14.187Z,0
CVE-2021-25048,https://securityvulnerability.io/vulnerability/CVE-2021-25048,KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting,"The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them",Wordpress,Page Builder: Kingcomposer – Free Drag And Drop Page Builder By King-theme,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-04-04T15:35:37.000Z,0
CVE-2022-0165,https://securityvulnerability.io/vulnerability/CVE-2022-0165,Page Builder KingComposer <= 2.9.6 - Open Redirect,The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users,Wordpress,Page Builder: Kingcomposer – Free Drag And Drop Page Builder By King-theme,6.1,MEDIUM,0.0010999999940395355,false,,false,false,true,true,false,false,2022-03-14T14:41:21.000Z,0
CVE-2020-15299,https://securityvulnerability.io/vulnerability/CVE-2020-15299,,A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser.,Wordpress,Kingcomposer,6.1,MEDIUM,0.0019399999873712659,false,,false,false,false,,false,false,2020-07-09T18:13:45.000Z,0
CVE-2019-9910,https://securityvulnerability.io/vulnerability/CVE-2019-9910,,The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.,Wordpress,Kingcomposer,6.1,MEDIUM,0.0022499999031424522,false,,false,false,false,,false,false,2019-03-22T00:29:00.000Z,0