Lucene search

WordfenceCVELIST:CVE-2020-36712

HistoryJun 07, 2023 - 1:51 a.m.

CVE-2020-36712

2023-06-0701:51:31

Wordfence

www.cve.org

kali forms

wordpress

vulnerability

unauthenticated

post deletion

site

privilege

user protections

cve-2020-36712

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

50.0%

JSON

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.

CNA Affected

[
  {
    "vendor": "kaliforms",
    "product": "Contact Form builder with drag & drop for WordPress – Kali Forms",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThan": "2.1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/

www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=cve

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

50.0%

JSON

Related for CVELIST:CVE-2020-36712