The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to de...
8.6CVSS
5.3AI Score
0.001EPSS
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via...
8.8CVSS
8.3AI Score
0.002EPSS
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.
7.1CVSS
6.8AI Score
0.002EPSS
Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress β Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress β Kali Forms: from n/a through 2.3.36.
8.1CVSS
8.1AI Score
0.001EPSS