Vulnerabilities > CVE-2021-25048 - Unspecified vulnerability in King-Theme Kingcomposer 2.7.6/2.9.4

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
king-theme

Summary

The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross-Site Scripting payloads in them

Vulnerable Configurations

Part Description Count
Application
King-Theme
2