Unrated severityNVD Advisory· Published Jul 9, 2020· Updated Aug 4, 2024
CVE-2020-15299
CVE-2020-15299
Description
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser.
Affected products
2- WordPress/KingComposer plugindescription
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.