CVE-2022-0165

MEDIUM NUCLEI

WordPress KingComposer <2.9.6 - Open Redirect

Description

The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action, which is available to both unauthenticated and authenticated users.

Exploits (2)

nomisec SCANNER
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2022-0165
nomisec WORKING POC
by K3ysTr0K3R · poc
https://github.com/K3ysTr0K3R/CVE-2022-0165-EXPLOIT

Nuclei Templates (1)

WordPress Page Builder KingComposer <=2.9.6 - Open Redirect
MEDIUM by akincibor

Scores

CVSS v3 6.1
EPSS 0.4904
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (1)
king-theme/kingcomposer < 2.9.6
Published Mar 14, 2022
Tracked Since Feb 18, 2026