Vulnerabilites related to krzysztof-furtak - kkprogressbar2
Vulnerability from fkie_nvd
Published
2024-05-27 06:15
Modified
2025-05-19 18:29
Severity ?
Summary
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
References
| ▶ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| krzysztof-furtak | kkprogressbar2 | 1.0 | |
| krzysztof-furtak | kkprogressbar2 | 1.0.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.4 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.4.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.3 | |
| krzysztof-furtak | kkprogressbar2 | 1.3.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "2EDE5241-B632-4DB0-AB93-08BA242E884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "997119BD-A478-4AF0-A271-D3733AB223AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "F0D884DA-B959-4DAD-AC47-9EF53CA309B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "7469BC8A-1E5B-4661-BE60-D943CE11AB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "07125506-D462-4154-9ED1-3761DB25821C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "3BE6FFA8-AEC0-4BD4-B9DB-3293DCFAC8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "DF5BE688-DD43-47B8-820F-80C0ABAF8FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "E0520A7B-E535-4FDB-B3F4-0E4F5CD78D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "340F50CC-4825-40C7-BC6E-25F030FE9C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "7FE0611A-3E59-4C00-842D-A8D538EBC7BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "466C9F14-7C0E-4584-BA99-436CCEF77D7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
},
{
"lang": "es",
"value": "El complemento The KKProgressbar2 Free de WordPress hasta la versi\u00f3n 1.1.4.2 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los usuarios que han iniciado sesi\u00f3n realicen acciones no deseadas a trav\u00e9s de ataques CSRF."
}
],
"id": "CVE-2024-4535",
"lastModified": "2025-05-19T18:29:41.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-27T06:15:10.520",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-27 06:15
Modified
2025-05-19 18:29
Severity ?
Summary
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks
References
| ▶ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/c3406236-aaee-480a-8931-79c867252f11/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/c3406236-aaee-480a-8931-79c867252f11/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| krzysztof-furtak | kkprogressbar2 | 1.0 | |
| krzysztof-furtak | kkprogressbar2 | 1.0.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.4 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.4.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.3 | |
| krzysztof-furtak | kkprogressbar2 | 1.3.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "2EDE5241-B632-4DB0-AB93-08BA242E884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "997119BD-A478-4AF0-A271-D3733AB223AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "F0D884DA-B959-4DAD-AC47-9EF53CA309B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "7469BC8A-1E5B-4661-BE60-D943CE11AB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "07125506-D462-4154-9ED1-3761DB25821C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "3BE6FFA8-AEC0-4BD4-B9DB-3293DCFAC8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "DF5BE688-DD43-47B8-820F-80C0ABAF8FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "E0520A7B-E535-4FDB-B3F4-0E4F5CD78D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "340F50CC-4825-40C7-BC6E-25F030FE9C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "7FE0611A-3E59-4C00-842D-A8D538EBC7BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "466C9F14-7C0E-4584-BA99-436CCEF77D7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks"
},
{
"lang": "es",
"value": "El complemento The KKProgressbar2 Free de WordPress hasta la versi\u00f3n 1.1.4.2 no desinfecta ni escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que permite a los usuarios administradores realizar ataques de inyecci\u00f3n SQL."
}
],
"id": "CVE-2024-4533",
"lastModified": "2025-05-19T18:29:37.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-27T06:15:10.283",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/c3406236-aaee-480a-8931-79c867252f11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/c3406236-aaee-480a-8931-79c867252f11/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-27 06:15
Modified
2025-05-19 18:29
Severity ?
Summary
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
References
| ▶ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/7b0046d4-cf95-4307-95a5-9b823f2daaaa/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/7b0046d4-cf95-4307-95a5-9b823f2daaaa/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| krzysztof-furtak | kkprogressbar2 | 1.0 | |
| krzysztof-furtak | kkprogressbar2 | 1.0.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.4 | |
| krzysztof-furtak | kkprogressbar2 | 1.1.4.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.2 | |
| krzysztof-furtak | kkprogressbar2 | 1.3 | |
| krzysztof-furtak | kkprogressbar2 | 1.3.1 | |
| krzysztof-furtak | kkprogressbar2 | 1.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "2EDE5241-B632-4DB0-AB93-08BA242E884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.0.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "997119BD-A478-4AF0-A271-D3733AB223AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "F0D884DA-B959-4DAD-AC47-9EF53CA309B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "7469BC8A-1E5B-4661-BE60-D943CE11AB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "07125506-D462-4154-9ED1-3761DB25821C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "3BE6FFA8-AEC0-4BD4-B9DB-3293DCFAC8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.1.4.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "DF5BE688-DD43-47B8-820F-80C0ABAF8FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "E0520A7B-E535-4FDB-B3F4-0E4F5CD78D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "340F50CC-4825-40C7-BC6E-25F030FE9C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.1:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "7FE0611A-3E59-4C00-842D-A8D538EBC7BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:krzysztof-furtak:kkprogressbar2:1.3.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "466C9F14-7C0E-4584-BA99-436CCEF77D7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento The KKProgressbar2 Free de WordPress hasta la versi\u00f3n 1.1.4.2 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n agregue payloads XSS almacenados a trav\u00e9s de un ataque CSRF."
}
],
"id": "CVE-2024-4534",
"lastModified": "2025-05-19T18:29:50.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-27T06:15:10.423",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/7b0046d4-cf95-4307-95a5-9b823f2daaaa/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/7b0046d4-cf95-4307-95a5-9b823f2daaaa/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-4535 (GCVE-0-2024-4535)
Vulnerability from cvelistv5
Published
2024-05-27 06:00
Modified
2025-03-25 14:21
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | KKProgressbar2 Free |
Version: 0 ≤ 1.1.4.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T14:20:52.252927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:21:30.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "KKProgressbar2 Free ",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bob Matyas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-27T06:00:02.939Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "KKProgressbar2 Free \u003c= 1.1.4.2 - Progress Bar Deletion via CSRF",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-4535",
"datePublished": "2024-05-27T06:00:02.939Z",
"dateReserved": "2024-05-05T23:31:24.589Z",
"dateUpdated": "2025-03-25T14:21:30.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4533 (GCVE-0-2024-4533)
Vulnerability from cvelistv5
Published
2024-05-27 06:00
Modified
2025-03-25 18:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | KKProgressbar2 Free |
Version: 0 ≤ 1.1.4.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4533",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T18:39:07.198337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T18:39:38.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c3406236-aaee-480a-8931-79c867252f11/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "KKProgressbar2 Free ",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bob Matyas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-27T06:00:02.573Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/c3406236-aaee-480a-8931-79c867252f11/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "KKProgressbar2 Free \u003c= 1.1.4.2 - Admin+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-4533",
"datePublished": "2024-05-27T06:00:02.573Z",
"dateReserved": "2024-05-05T23:27:01.800Z",
"dateUpdated": "2025-03-25T18:39:38.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4534 (GCVE-0-2024-4534)
Vulnerability from cvelistv5
Published
2024-05-27 06:00
Modified
2024-08-09 18:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | KKProgressbar2 Free |
Version: 0 ≤ 1.1.4.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7b0046d4-cf95-4307-95a5-9b823f2daaaa/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:krzysztof_furtak:kkprogressbar2_free:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kkprogressbar2_free",
"vendor": "krzysztof_furtak",
"versions": [
{
"lessThanOrEqual": "1.1.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-4534",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T18:38:10.669772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T18:59:11.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "KKProgressbar2 Free ",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.1.4.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bob Matyas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-27T06:00:02.758Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/7b0046d4-cf95-4307-95a5-9b823f2daaaa/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "KKProgressbar2 Free \u003c= 1.1.4.2 - Stored XSS via CSRF",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-4534",
"datePublished": "2024-05-27T06:00:02.758Z",
"dateReserved": "2024-05-05T23:28:59.278Z",
"dateUpdated": "2024-08-09T18:59:11.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}