CVE-2024-4535

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0.1:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.1:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.2:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4.2:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.2:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.1:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.2:*:*:*:free:wordpress:*:*

History

19 May 2025, 18:29

Type Values Removed Values Added
CWE CWE-352
First Time Krzysztof-furtak
Krzysztof-furtak kkprogressbar2
References () https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/ - () https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.1:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0.1:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.1:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.2:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.2:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.2:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4.2:*:*:*:free:wordpress:*:*
cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1:*:*:*:free:wordpress:*:*

25 Mar 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

21 Nov 2024, 09:43

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/ - () https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/ -

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) El complemento The KKProgressbar2 Free de WordPress hasta la versión 1.1.4.2 no tiene comprobaciones CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los usuarios que han iniciado sesión realicen acciones no deseadas a través de ataques CSRF.

27 May 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-27 06:15

Updated : 2025-05-19 18:29


NVD link : CVE-2024-4535

Mitre link : CVE-2024-4535

CVE.ORG link : CVE-2024-4535


JSON object : View

Products Affected

krzysztof-furtak

  • kkprogressbar2
CWE
CWE-352

Cross-Site Request Forgery (CSRF)