Vulnerability Details CVE-2021-25048
The KingComposer WordPress plugin through 2.9.6 does not perform authorisation or CSRF checks, nor sanitisation/escaping, when creating a profile, allowing any authenticated user to create arbitrary profiles containing Cross-Site Scripting payloads.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.0%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2021-25048
- cpe:2.3:a:king-theme:kingcomposer:2.7.6
- cpe:2.3:a:king-theme:kingcomposer:2.9.4