Lucene search
HistoryMay 27, 2024 - 6:15 a.m.
CVE-2024-4534
kkprogressbar2 free
wordpress plugin
csrf attack
stored xss
nvd
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Affected configurations
Node
free_php_scriptsfree_image_hostingRange≤1.1.4.2
CNA Affected
[
{
"vendor": "Unknown",
"product": "KKProgressbar2 Free ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.1.4.2"
}
],
"defaultStatus": "affected"
}
]Related
nvd
nvd
CVE-2024-4534
2024-05-27 06:15:10
wpvulndb
wpvulndb
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
2024-05-06 00:00:00
wpexploit
wpexploit
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
2024-05-06 00:00:00
cvelist
cvelist
CVE-2024-4534 KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
2024-05-27 06:00:02
wordfence
wordfence