Page Builder KingComposer <= 2.9.6 - Open Redirect
CVE-2022-0165

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Page Builder: Kingcomposer – Free Drag And Drop Page Builder By King-theme
Vendor: CVE Published:; 14 March 2022

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users

Affected Version(s)

Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme 2.9.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-0165-EXPLOIT
Created by K3ysTr0K3R

References

https://wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
May 29, 2024
👾
Exploit known to exist
Aug 9, 2023
Vulnerability published
Mar 14, 2022
Vulnerability Reserved
Jan 10, 2022

Credit

Krzysztof Zając