Design/Logic Flaw

2023-06-0702:15:00

PRIOn knowledge base

www.prio-n.com

kali forms plugin

wordpress

unauthenticated

arbitrary post deletion

privilege

user protections

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.

CPENameOperatorVersion
kali_formsle2.1.1

CPE	Name	Operator	Version
	kali_forms	le	2.1.1

References

blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/

www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=cve