Vulnerabilities (CVE)

Filtered by vendor King-theme Subscribe

Filtered by product Kingcomposer

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-15299	1 King-theme	1 Kingcomposer	2020-07-13	4.3 MEDIUM	6.1 MEDIUM
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser.
CVE-2019-9910	1 King-theme	1 Kingcomposer	2019-03-25	4.3 MEDIUM	6.1 MEDIUM
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.