CVE-2022-0165

MEDIUM · NUCLEI

WordPress KingComposer <2.9.6 - Open Redirect

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-0165. PoCs were published by Cappricio-Securities and K3ysTr0K3R. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a Python-based scanner for detecting CVE-2022-0165, an open redirect vulnerability in the KingComposer WordPress plugin. The tool checks for vulnerable endpoints and supports Telegram notifications for detected vulnerabilities.

Description

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action, which is available to both unauthenticated and authenticated users.

Exploits (2)

nomisec SCANNER
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2022-0165

Classification: Scanner (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: KingComposer WordPress Plugin
No auth needed
Prerequisites: Python 3 · pip · target URLs or a list of URLs
Analyzed by devstral-2 · Feb 16, 2026
nomisec WORKING POC
by K3ysTr0K3R · poc
https://github.com/K3ysTr0K3R/CVE-2022-0165-EXPLOIT

The exploit demonstrates an ID parameter validation bypass in the Page Builder KingComposer WordPress plugin, allowing unauthorized redirection via the kc_get_thumbn AJAX action. It crafts a malicious URL to exploit inadequate validation of the id parameter, potentially leading to phishing or malware distribution.

Classification: Working PoC (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Page Builder KingComposer WordPress Plugin (versions up to and including 2.9.6)
No auth needed
Prerequisites: Access to the target WordPress site · Victim interaction with crafted URL
Analyzed by devstral-2 · Feb 16, 2026

Nuclei Templates (1)

WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
MEDIUM · by akincibor

References (1)

Core references (1)
Exploit, Third Party Advisory (x_refsource_misc): https://wpscan.com/vulnerability/906d0c31-370e-46b4-af1f-e52fbddd00cb

Scores

CVSS v3: 6.1
EPSS: 0.0428
EPSS Percentile: 89.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-601
Status: published
Products (1): king-theme/kingcomposer < 2.9.6
Published: Mar 14, 2022
Tracked Since: Feb 18, 2026