CVE-2024-4535 KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

2024-05-2706:00:02

WPScan

www.cve.org

kkprogressbar2

wordpress

csrf

vulnerability

9.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "KKProgressbar2 Free ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.1.4.2"
      }
    ],
    "defaultStatus": "affected"
  }
]