Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites.
KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch features embedded and a truly intuitive UI.
The vulnerability resides in Ajax functions used by the plugin to implement page builder features.