📄 WordPress KKProgressbar2 1.1.4.2 Cross Site Request Forgery

WordPress KKProgressbar2 version 1.1.4.2 cross site request forgery proof of concept exploit. Exploit Title: WordPress Plugin KKProgressbar2 - Cross-Site Request Forgery CSRF Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...

SUSE CVE-2024-4533

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks...

WordPress KKProgressbar2 Free plugin <= 1.1.4.2 - Progress Bar Deletion via CSRF vulnerability

Progress Bar Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin KKProgressbar2 Free versions = 1.1.4.2...

WordPress KKProgressbar2 Free plugin <= 1.1.4.2 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin KKProgressbar2 Free versions = 1.1.4.2...

WordPress KKProgressbar2 Free plugin <= 1.1.4.2 - Admin+ SQL Injection vulnerability

Admin+ SQL Injection vulnerability discovered by Bob Matyas in WordPress Plugin KKProgressbar2 Free versions = 1.1.4.2...

CVE-2024-4535

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-4534

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-4535

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-4533

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks...

CVE-2024-4533

CVE-2024-4533 affects the KKProgressbar2 Free WordPress plugin up to version 1.1.4.2, where an unsanitized parameter is used directly in a SQL statement, enabling admin users to perform SQL injection. The connected documents confirm the issue but do not provide a remediation version or patch deta...

CVE-2024-4534 KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-4535 KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-4535

CVE-2024-4535 : The WordPress plugin KKProgressbar2 Free (versions

CVE-2024-4533 KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks...

CVE-2024-4534 KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-4533 KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks...

CVE-2024-4534

CVE-2024-4534 affects KKProgressbar2 Free WordPress plugin (versions

WordPress plugin KKProgressbar2 Free 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress KKProgressbar2 Free Plugin <= 1.1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software KKProgressbar2 Free Type Plugin Vulnerable versions = 1.1.4.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4534 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 3868f534725e Credits Bob Matyas...

PT-2024-31574 · WordPress · Kkprogressbar2 Free

Name of the Vulnerable Software and Affected Versions: KKProgressbar2 Free WordPress plugin versions 1.1.4.2 and earlier Description: The issue allows admin users to perform SQL injection attacks due to the lack of sanitization and escaping of a parameter before using it in a SQL statement...