Lucene search
WPScanCVELIST:CVE-2024-4534HistoryMay 27, 2024 - 6:00 a.m.
CVE-2024-4534 KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
2024-05-2706:00:02
WPScan
www.cve.org
1
cve-2024-4534
kkprogressbar2
wordpress
stored xss
csrf
sanitisation
escaping
attack
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CNA Affected
[
{
"vendor": "Unknown",
"product": "KKProgressbar2 Free ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.1.4.2"
}
],
"defaultStatus": "affected"
}
]Related
nvd
nvd
CVE-2024-4534
2024-05-27 06:15:10
wpvulndb
wpvulndb
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
2024-05-06 00:00:00
wpexploit
wpexploit
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
2024-05-06 00:00:00
cve
cve
CVE-2024-4534
2024-05-27 06:15:10
wordfence
wordfence