Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:E6B1AFB1-A399-4600-949C-81BD70562F29
HistoryJan 24, 2024 - 12:00 a.m.

Contact Form builder with drag & drop - Kali Forms < 2.3.37 - Insecure Direct Object Reference

2024-01-2400:00:00
wpscan.com
5
wordpress
kali forms
insecure direct object reference
security

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON

Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.38 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to access objects they do not have proper authorization to view.

Related

cvelist 1
nvd 1
cve 1
prion 1
wordfence 1
cvelist
cvelist
CVE-2024-22305 WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)
2024-01-31 11:49:29
nvd
nvd
CVE-2024-22305
2024-01-31 12:16:05
cve
cve
CVE-2024-22305
2024-01-31 12:16:05
prion
prion
Authorization
2024-01-31 12:16:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)
2024-01-25 14:37:23

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

19.4%

JSON
Related for WPVDB-ID:E6B1AFB1-A399-4600-949C-81BD70562F29
cvelist1nvd1cve1prion1wordfence1