Core Plugin For Kitestudio Themes
Monthly
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.