Advertisement
Top
image credit: Pixabay

KingComposer fixes a reflected XSS impacting 100,000 WordPress sites

July 10, 2020

Via: Security Affairs
Category:

Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites.

KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch features embedded and a truly intuitive UI.

The vulnerability resides in Ajax functions used by the plugin to implement page builder features.

Read More on Security Affairs

RELATED PUBLICATIONS

Multiple flaws in pfSense firewall can lead to arbitrary code execution
More than 17,000 WordPress websites infected with the Balada Injector in September
Coding Tips to Sidestep JavaScript Vulnerabilities

Latest Publications

Google fixed critical Chrome vulnerability CVE-2024-4058
North Korean Hackers Hijack Antivirus Updates for Malware Delivery
AI set to play key role in future phishing attacks
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!