Vulnerability Details CVE-2022-0165
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users
Exploit prediction scoring system (EPSS) score
EPSS Score 0.523
EPSS Ranking 97.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
Products affected by CVE-2022-0165
-
cpe:2.3:a:king-theme:kingcomposer:2.7.6
-
cpe:2.3:a:king-theme:kingcomposer:2.9.4