CVE-2021-25048 - Unspecified vulnerability in King-Theme Kingcomposer 2.7.6/2.9.4
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE

Summary
The KingComposer WordPress plugin through 2.9.6 does not perform authorisation checks, CSRF checks, or sanitisation/escaping when creating a profile, allowing any authenticated user to create arbitrary profiles containing Cross-Site Scripting payloads.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |