CVE-2020-36712
Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post DeletionThe Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.
We have discovered 127 live websites that are affected by CVE-2020-36712.
Affected Software
| Product |  Kali Forms |
| Category | Wordpress Plugins |
| Vulnerable Domains | 127 live websites (2.43% of Kali Forms install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 10 versions ( 12% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Jun 7, 2023
- Updated - Apr 8, 2026
Credits
- Jerome Bruandet (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2020-36712 United States | 26 websites |
 France | 17 websites |
 Germany | 11 websites |
 Czech Republic | 8 websites |
 Italy | 6 websites |
 Russia | 5 websites |
 GB | 4 websites |
 Australia | 4 websites |
 Brazil | 3 websites |
 Spain | 3 websites |
Website Distribution by TLD
Number of websites using CVE-2020-36712| .com | 49 websites |
| .fr | 11 websites |
| .cz | 8 websites |
| .org | 7 websites |
| .ru | 4 websites |
| .de | 4 websites |
| .nl | 3 websites |
| .com.au | 3 websites |
| .com.br | 3 websites |
| .eu | 3 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-36712
Top websites that are affected by CVE-2020-36712. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****************.com | United States | *,***,*** | |
| *****.net | United States | *,***,*** | |
| *****.************.eu | Spain | *,***,*** | |
| ********************.fr | France | *,***,*** | |
| ***.**************.org | United States | *,***,*** | |
| **************.fr | France | *,***,*** | |
| *******************.org | United States | *,***,*** | |
| **************.fr | France | *,***,*** | |
| ****.com |  China | *,***,*** | |
| *****.com |  Israel | **,***,*** |
FAQ
CVE-2020-36712 is Missing Authorization in Kali Forms
A total of 127 websites have been identified as vulnerable to CVE-2020-36712, based on global website indexing conducted by WebTechSurvey.
The Kali Forms is affected by the CVE-2020-36712 vulnerability.
Kali Forms versions up to 2.1.2 are vulnerable to CVE-2020-36712.
CVE-2020-36712 is resolved in version 2.1.2 of Kali Forms.