Vulnerabilities > CVE-2020-36712 - Missing Authorization vulnerability in Kaliforms Kali Forms

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

kaliforms

CWE-862

NVD

Published: 2023-06-07

Updated: 2023-11-07

Summary

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.

Vulnerable Configurations

Part	Description	Count
Application	Kaliforms Kaliforms Kali Forms *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=cve
https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/