Detects the 'Open Redirect' vulnerability in the Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme plugin for WordPress, which affects versions through 2.9.6.
CVE-2022-0165 Scanner Detail
The Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme is a popular WordPress plugin that allows users to easily create and customize web pages using a drag and drop interface. This plugin is highly valued by web developers and designers as it simplifies the process of creating and editing web pages, making it easier to create professional and responsive websites. With over 100,000 active installations, the plugin is widely used by WordPress users globally.
However, security researchers have recently uncovered a vulnerability in the plugin, tracked as CVE-2022-0165. This vulnerability allows a potential attacker to access sensitive user information by exploiting the id parameter in the kc_get_thumbn AJAX action. The plugin does not validate the id parameter before redirecting users to it, which is what makes it an open redirect.
If exploited, this vulnerability can lead to significant data breaches. An attacker can use the information gained from the exploit to gain unauthorized access to user accounts and even sensitive business data. This can result in the compromise of entire systems, leading to financial losses, reputational damage, and legal liabilities.
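To check whether the redirect described above has been requested against your own site, the following added example (not part of this scanner or of the plugin) scans web server access logs for kc_get_thumbn requests whose id value names a host other than the site itself. It assumes the action is reached through WordPress's standard /wp-admin/admin-ajax.php endpoint and that logs are in combined format; the log lines and the hosts blog.example and offsite.example are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines; all hosts and addresses are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2022:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https%3A%2F%2Foffsite.example%2Flogin HTTP/1.1" 302 0
203.0.113.7 - - [10/Feb/2022:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=//offsite.example/ HTTP/1.1" 302 0
198.51.100.4 - - [10/Feb/2022:10:02:11 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://blog.example/wp-content/uploads/a.png HTTP/1.1" 302 0
198.51.100.4 - - [10/Feb/2022:10:02:15 +0000] "GET /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=42 HTTP/1.1" 200 512
198.51.100.9 - - [10/Feb/2022:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&id=https://offsite.example/ HTTP/1.1" 200 12
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def external_redirect_target(request_uri, site_host):
    """Return the off-site host named in id=, or None if nothing points off-site."""
    parts = urlsplit(request_uri)
    if not parts.path.endswith("/admin-ajax.php"):
        return None
    query = parse_qs(parts.query)  # also percent-decodes the values
    if "kc_get_thumbn" not in query.get("action", []):
        return None
    for value in query.get("id", []):
        # Browsers treat backslashes like slashes and ignore leading whitespace.
        try:
            host = urlsplit(value.strip().replace("\\", "/")).hostname or ""
        except ValueError:
            continue  # unparseable value: skipped in this example
        if host and host != site_host.lower():
            return host
    return None

def scan(log_text, site_host):
    """Return (client_ip, status, off_site_host) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        host = external_redirect_target(m.group(2), site_host)
        if host:
            hits.append((m.group(1), int(m.group(3)), host))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, "blog.example"):
        print(hit)
```

Only GET and POST query strings are inspected here; an id sent in a POST body does not appear in a standard access log and would need request-body logging to detect.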
At securityforeveryone.com, we offer pro features that provide powerful and efficient tools for identifying and managing security vulnerabilities in your digital assets. Our platform offers a reliable and easy-to-use tool for tracking and fixing vulnerabilities within your WordPress sites, ensuring that your digital assets are protected from cyberattacks. By leveraging our expertise and experience, you can rest assured that your web pages are free from vulnerabilities and remain safeguarded against attacks.