XSS issue in the WordPress plugin patched by KingComposer

23
WordPress plugin

WordPress fuelled domains use the KingComposer tool for drag-and-drop page building. It removes the need for direct coding or program building a page that uses a content management system (CMS).

The XSS bug was detected by the Wordfence Threat Intelligence team and marked as CVE-2020-15299 with a CVSS score of 6.1. The vulnerability was capable of introducing malware into a user’s system if a malicious link gets clicked. It had affected more than 100,000 websites.

Source: Zdnet