CVE-2021-25048

Summary

The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them

Affected Software

VendorProductVersion RangeStatus
UnknownPage Builder: KingComposer – Free Drag and Drop page builder by King-Theme2.9.6 <= 2.9.6affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References