Vulnerabilities and security researches forkali-forms kali-forms
Direction: ascendingContact Form builder with drag & drop for WordPress – Kali Forms # df632be42db45b1b9c83fc4e7a3345d79bb757ff
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Aug 21, 2020
- Research Description
- Contact Form builder with drag & drop for WordPress – Kali Forms [kali-forms] < 2.1.2 WordPress Contact Form builder with drag & drop plugin <= 2.1.1 - Unauthenticated Arbitrary Post Deletion vulnerability Unauthenticated Arbitrary Post Deletion vulnerability discovered by NinTechNet in WordPress Contact Form builder with drag & drop plugin (versions <= 2.1.1).
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2020-36717
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Jun 07, 2023
- Research Description
- The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2024-1217
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Feb 29, 2024
- Research Description
- The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2020-36712
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Jun 07, 2023
- Research Description
- The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2020-36720
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Jun 07, 2023
- Research Description
- The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2024-22305
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Jan 31, 2024
- Research Description
- Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2024-1218
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Feb 29, 2024
- Research Description
- The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2023-45275
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Jan 02, 2025
- Research Description
- Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.28.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2023-46083
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- Jan 02, 2025
- Research Description
- Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.27.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Contact Form builder with drag & drop for WordPress – Kali Forms # CVE-2025-3201
- CVE, Research URL
- Home page URL
-
Security reports for Contact Form builder with drag & drop for WordPress – Kali Forms
- Date
- May 16, 2025
- Research Description
- The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable