XSS Vulnerability Found In KingComposer WordPress Plugin

Another vulnerable WordPress plugin has come to light. This time, the vulnerability appeared in the KingComposer WordPress plugin. It potentially affected over 100,000 websites.

KingComposer WordPress Plugin Vulnerability

The Wordfence team discovered the vulnerability in the KingComposer Drag and Drop Page Builder WordPress plugin.

As stated in their post, the researchers found a reflected cross-site scripting (XSS) vulnerability in the plugin. It existed because of one of the plugin's AJAX functions, which was no longer actively used but was still functional.

An attacker could exploit this function by sending a POST request to wp-admin/admin-ajax.php with the action parameter set to kc_install_online_preset. In turn, the attacker could execute malicious code in the browsers of users visiting the target website.

Explaining how this would happen, Wordfence stated:

This function renders a JavaScript based on the contents of the kc-online-preset-link and kc-online-preset-data parameters. Since it uses the esc_attr and esc_url functions, it appears safe at first glance. Unfortunately, however, the contents of the kc-online-preset-data parameter are base64-decoded after this step.
As such, if an attacker used base64-encoding on a malicious payload, and tricked a victim into sending a request containing this payload in the kc-online-preset-data parameter, the malicious payload would be decoded and executed in the victim’s browser.
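
The ordering problem Wordfence describes can be reproduced in a few lines. The following is an added example, not the plugin's code or Wordfence's: htmlspecialchars() stands in for WordPress's esc_attr(), and the function names and sample value are constructed for illustration.

```php
<?php
// Added example: simplified model of the escape-before-decode ordering flaw.
// htmlspecialchars() stands in for WordPress's esc_attr(); function names and
// the sample value are constructed for illustration, not the plugin's code.

function escape_stand_in(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Flawed order: escape the still-encoded text, then decode it into the page.
function render_escape_then_decode(string $param): string {
    $escaped = escape_stand_in($param); // base64 has no HTML metacharacters
    $decoded = (string) base64_decode($escaped);
    return "<script>var preset = '" . $decoded . "';</script>";
}

// Corrected order: decode strictly, then encode for the JavaScript context.
function render_decode_then_encode(string $param): ?string {
    $decoded = base64_decode($param, true);   // strict: reject non-base64 input
    if ($decoded === false) {
        return null;
    }
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $js = json_encode($decoded, $flags);      // false on invalid UTF-8
    if ($js === false) {
        return null;
    }
    return "<script>var preset = " . $js . ";</script>";
}

// Constructed sample: harmless markup that still contains < > and '
$sample = base64_encode("'<b>constructed marker</b>");

// The escaping step leaves the encoded value untouched.
var_dump(escape_stand_in($sample) === $sample);
// Flawed order: raw markup reaches the output.
var_dump(strpos(render_escape_then_decode($sample), '<b>') !== false);
// Corrected order: metacharacters are emitted as \u003C, \u003E, \u0027.
$safe = render_decode_then_encode($sample);
var_dump(strpos($safe, '<b>') === false, $safe);
// Input that is not valid base64 is rejected outright.
var_dump(render_decode_then_encode('not base64!'));
```

Output encoding has to be the last transformation applied before a value is written into the page, and it has to match the context the value lands in.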

Patch Rolled Out

The vulnerability affected all plugin versions before the patched version. The researchers found the bug in June 2020, after which they reached out to the developers.

Following their report, the developers patched the vulnerability with the release of KingComposer – Free Drag and Drop page builder version 2.9.5. The patch includes the complete removal of the unused function from the code.

Now that the patch is available, users must update their sites to the latest patched version of the plugin to stay protected from potential attacks.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]