CVE-2024-4534 in KKProgressbar2 Free Plugin信息

摘要

由 VulDB • 2026-05-30

KKProgressbar2 Free WordPress 插件在 1.1.4.2 版本及之前,在某些地方缺少 CSRF 检查,同时也缺少数据清理(sanitisation)和转义(escaping)处理,这可能导致攻击者通过 CSRF 攻击诱使已登录的管理员添加存储型 XSS 载荷。

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

来源

Do you need the next level of professionalism?

Upgrade your account now!