The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.
We have discovered 191 live websites that are affected by CVE-2020-36720.
Product | Kali Forms |
Category | Wordpress Plugins |
Vulnerable Domains | 191 live websites (3.04% of Kali Forms install base) |
Vulnerable Versions |
|
Vulnerable Versions Count | 12 versions ( 13.79% of all versions) |
United States | 49 websites |
France | 24 websites |
Germany | 22 websites |
Spain | 7 websites |
Russia | 7 websites |
Poland | 6 websites |
Japan | 5 websites |
Canada | 4 websites |
Australia | 4 websites |
GB | 4 websites |
.com | 77 websites |
.fr | 14 websites |
.org | 8 websites |
.de | 7 websites |
.ru | 7 websites |
.com.au | 6 websites |
.net | 5 websites |
.nl | 4 websites |
.com.br | 4 websites |
.cz | 4 websites |
Domain | Country | Rank | Contacts |
---|---|---|---|
***.mu | France | **,*** | |
******************.com | United States | ***,*** | |
****************.com | United States | *,***,*** | |
*****.net | United States | *,***,*** | |
***********.com | United States | *,***,*** | |
********.ru | Russia | *,***,*** | |
***********.fr | France | *,***,*** | |
*****.************.eu | Spain | *,***,*** | |
********************.fr | France | *,***,*** | |
***.**************.org | United States | *,***,*** |
FAQ