KingComposer, a drag-and-drop page builder for WordPress, patched a vulnerability tracked as CVE-2020-15299, with a severity score of 6.1. The Wordfence Threat Intelligence team found the flaw in Ajax functions used by the plugin, which is installed on over 100,000 sites. Wordfence contacted the WordPress Plugins team, who informed the plugin's developers of the issue, and the patch was released on June 29.
Reflected XSS vulnerabilities
Exploiting a reflected XSS vulnerability usually relies on an attacker tricking the victim into clicking a malicious link, which sends the victim to the vulnerable site along with a malicious payload. The Wordfence team also stated that reflected XSS attacks need to trick the user into performing an action, and it recommends remaining vigilant when clicking on links or attachments in comments, emails, and other communication sources of questionable integrity and legitimacy.
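The reflection pattern described above, next to its output-encoded form, as an added illustration in plain PHP. This is not KingComposer's code (the article gives no details of the flawed functions); the handler names and the `title` parameter are hypothetical and the sample input is constructed.

```php
<?php
// Added illustration, not the plugin's code. Names are hypothetical.

// Vulnerable pattern: an Ajax-style handler copies a request parameter
// straight into the HTML it returns, so markup carried in a crafted link
// is rendered in the visitor's browser under the site's origin.
function preview_handler_vulnerable(array $request): string
{
    $title = $request['title'] ?? '';
    return '<div class="preview">' . $title . '</div>';
}

// Hardened pattern: validate the type, then encode for the HTML context at
// the point of output. In WordPress code the equivalents are esc_html() for
// element text and esc_attr() for attribute values.
function preview_handler_hardened(array $request): string
{
    $title = $request['title'] ?? '';
    if (!is_string($title)) {
        // A query string such as ?title[]=x arrives as an array.
        $title = '';
    }
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="preview">' . $safe . '</div>';
}

// Constructed sample request, standing in for the parameters a link carries.
$request = ['title' => '<script>alert(1)</script>'];

echo "vulnerable: ", preview_handler_vulnerable($request), PHP_EOL;
echo "hardened:   ", preview_handler_hardened($request), PHP_EOL;
```

The first line of output contains a live `<script>` element; the second contains the same text as inert `&lt;script&gt;` entities.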