CVE-2021-25048
N/A
N/A
Summary
The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme | 2.9.6 <= 2.9.6 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.