CVE-2020-36709

Name of the Vulnerable Software and Affected Versions The Page Builder: KingComposer plugin for WordPress versions prior to 2.9.4

Description The issue is related to Stored Cross-Site Scripting via shortcode due to insufficient input sanitization and output escaping. This allows authenticated attackers to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page.

Recommendations For versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the shortcode feature to minimize the risk of exploitation.