CVE-2024-1217

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.


We have discovered 2,405 live websites that are affected by CVE-2024-1217.

Contact us to get more info




Affected Software

Product  Kali Forms
Category Wordpress Plugins
Vulnerable Domains2,405 live websites (38.29% of Kali Forms install base)
Vulnerable Versions
  • from 0 through 2.3.41
Vulnerable Versions Count77 versions ( 88.51% of all versions)



Details

  • Published - Feb 20, 2024
  • Updated - Aug 1, 2024

Credits

  • Lucio Sá (finder)

CVE-2024-1217 usage by Country

United States618 websites



Germany374 websites
France223 websites
Netherlands123 websites
Poland110 websites
GB83 websites
Spain59 websites
Denmark56 websites
Japan49 websites
Russia42 websites

CVE-2024-1217 usage by TLD

.com874 websites
.de196 websites
.org135 websites
.nl114 websites
.pl88 websites
.fr84 websites
.net69 websites
.co.uk60 websites
.com.br41 websites
.ru39 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2024-1217

Top websites that are affected by CVE-2024-1217. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
***.mu France**,***
***************.com Italy***,***
**************.com United States***,***
************.com United States***,***
****.****.***.ph Philippines***,***
*********.it Italy***,***
****************.com United States***,***
******************.com United States***,***
****************.com United States*,***,***
*********.de Denmark*,***,***
See full domain list

FAQ

A total of 2,405 websites have been identified as vulnerable to CVE-2024-1217, discovered through global website indexing conducted by WebTechSurvey.
Kali Forms is susceptible to CVE-2024-1217 vulnerability.
Kali Forms versions before, and including, 2.3.41 are vulnerable to CVE-2024-1217.