EUVD-2024-16985

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Contact Form builder for WordPress is vulnerable to unauthorized data access via API endpoints.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-1218	8 Mar 202422:56	–	circl
CNNVD	WordPress Plugin Contact Form builder with drag & drop security vulnerability	29 Feb 202400:00	–	cnnvd
CVE	CVE-2024-1218	20 Feb 202418:56	–	cve
Cvelist	CVE-2024-1218 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization	20 Feb 202418:56	–	cvelist
NVD	CVE-2024-1218	29 Feb 202401:43	–	nvd
Patchstack	WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.41 is vulnerable to Broken Access Control	21 Feb 202400:00	–	patchstack
Prion	Design/Logic Flaw	29 Feb 202401:43	–	prion
Positive Technologies	PT-2024-17471 · WordPress · Kali Forms	20 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-1218	23 May 202509:39	–	redhatcve
Vulnrichment	CVE-2024-1218	20 Feb 202418:56	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "a4cae845-8db6-35a6-995d-db0cec2227ee",
        "vendor": {
          "name": "kaliforms"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "133531c8-a876-364c-9c30-5abf45519ac9",
        "product": {
          "name": "Contact Form builder with drag & drop for WordPress – Kali Forms"
        }
      },
      {
        "id": "b29ff9ed-3f77-3339-ac66-d13bb887a5cd",
        "product": {
          "name": "Contact Form builder with drag & drop for WordPress – Kali Forms"
        },
        "product_version": "* ≤2.3.41"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/ed1aae32-6040-4c42-b8a7-4c3be371a8c0
plugins	www.plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk

03 Oct 2025 20:07Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.14.3 - 5.4

EPSS0.00153

SSVC