Lucene search
K

108 matches found

Nuclei
Nuclei
added yesterday16 views

WordPress Kali Forms <= 2.4.9 - Remote Code Execution

Kali Forms WordPress plugin = 2.4.9 contains a remote code execution caused by unsafe user input handling in 'formprocess' and 'preparepostdata' functions, letting unauthenticated attackers execute code on the server, exploit requires no authentication. id: CVE-2026-3584 info: name: WordPress Kal...

9.8CVSS6.5AI score0.07239EPSS
Exploits2References2
NVD
NVD
added 2026/07/01 5:16 a.m.11 views

CVE-2026-9107

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00241EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/01 3:43 a.m.9 views

EUVD-2026-40891

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.37 views

CVE-2026-9107 Kali Forms <= 2.4.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'kaliforms_field_components' Parameter

The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'metakaliformsfieldcomponents' parameter in all versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00241EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.18 views

CVE-2026-9107

The CVE-2026-9107 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin. A Stored Cross-Site Scripting vulnerability exists via the meta[kaliforms_field_components] parameter in all versions up to 2.4.13, caused by insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00241EPSS
Exploits0References10
NVD
NVD
added 2026/06/30 7:16 a.m.10 views

CVE-2026-11581

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.9CVSS0.0014EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:0 a.m.13 views

CVE-2026-11581

The CVE-2026-11581 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder for WordPress, vulnerable before version 2.4.13. The form captions (columns on the form-entries admin screen) are not sanitized, allowing stored XSS where a user with Contributor-level access (or higher) can i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.9 views

EUVD-2026-40261

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form field's caption before outputting it as a column header on the administrator form-entries screen, allowing users with Contributor-level access or above to store JavaScript that executes i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/20 12:0 a.m.129 views

📄 WordPress Kali Forms 2.4.9 Remote Code Execution

WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability. ================================================================================================================================== | Title : WordPress Kali Forms 2.4.9 Remote Code Execution Assessment | ...

9.8CVSS6.5AI score0.07239EPSS
Exploits2
Wordfence Blog
Wordfence Blog
added 2026/04/13 6:2 p.m.20 views

Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin

On March 2nd, 2026, we received a submission through our Bug Bounty Program for a Remote Code Execution vulnerability in Kali Forms, a WordPress plugin with more than 10,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to execute code on the server. T...

9.8CVSS6AI score0.07239EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.20 views

CVE-2026-3584

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS6.1AI score0.07239EPSS
Exploits2References1
Patchstack
Patchstack
added 2026/03/23 10:14 a.m.8 views

WordPress Kali Forms plugin <= 2.4.9 - Unauthenticated Remote Code Execution via form_process vulnerability

Unauthenticated Remote Code Execution via formprocess vulnerability discovered by ISMAILSHADOW in WordPress Plugin Kali Forms versions = 2.4.9...

9.8CVSS5.9AI score0.07239EPSS
Exploits2References1Affected Software1
EUVD
EUVD
added 2026/03/21 12:31 a.m.14 views

EUVD-2026-13814

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS6.1AI score0.07239EPSS
Exploits2References4
NVD
NVD
added 2026/03/20 10:16 p.m.15 views

CVE-2026-3584

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS0.07239EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:25 p.m.27 views

CVE-2026-3584

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS6.1AI score0.07239EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/03/20 9:25 p.m.30 views

CVE-2026-3584 Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS0.07239EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/03/20 9:25 p.m.4 views

CVE-2026-3584 Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

9.8CVSS6.1AI score0.07239EPSS
Exploits2References3
CVE
CVE
added 2026/03/20 9:25 p.m.33 views

CVE-2026-3584

CVE-2026-3584 – WordPress Kali Forms

9.8CVSS6.1AI score0.07239EPSS
In wildExploits2References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

WordPress plugin Kali Forms 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.8CVSS6.2AI score0.07239EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.6 views

PT-2026-26682

Name of the Vulnerable Software and Affected Versions Kali Forms versions prior to 2.4.9 Description The Kali Forms plugin for WordPress is susceptible to Remote Code Execution in versions up to and including 2.4.9. This is due to the prepare post data function mapping user-supplied keys directly...

9.8CVSS6.2AI score0.07239EPSS
Exploits2References16
Rows per page
Query Builder