CVE-2024-4535: KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

Description

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Classification

CVE ID: CVE-2024-4535

Problem Types

CWE-352 Cross-Site Request Forgery (CSRF)

Affected Products

Vendor: Unknown

Product: KKProgressbar2 Free

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 31.54% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4535
https://wpscan.com/vulnerability/d4980886-da10-4bbc-a84a-fe071ab3b755/

Timeline

2025-03-25 15:40:15 UTC
CVE

KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF