The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.
References
Configurations
History
21 Nov 2024, 05:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
References | () https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/ - Exploit | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=cve - Third Party Advisory |
12 Jun 2023, 19:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/ - Exploit | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=cve - Third Party Advisory | |
CPE | cpe:2.3:a:kaliforms:kali_forms:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-862 |
07 Jun 2023, 02:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 02:15
Updated : 2024-11-21 05:30
NVD link : CVE-2020-36712
Mitre link : CVE-2020-36712
CVE.ORG link : CVE-2020-36712
JSON object : View
Products Affected
kaliforms
- kali_forms
CWE
CWE-862
Missing Authorization