The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.
We have discovered 2,405 live websites that are affected by CVE-2024-1217.
Product | Kali Forms |
Category | Wordpress Plugins |
Vulnerable Domains | 2,405 live websites (38.29% of Kali Forms install base) |
Vulnerable Versions |
|
Vulnerable Versions Count | 77 versions ( 88.51% of all versions) |
United States | 618 websites |
Germany | 374 websites |
France | 223 websites |
Netherlands | 123 websites |
Poland | 110 websites |
GB | 83 websites |
Spain | 59 websites |
Denmark | 56 websites |
Japan | 49 websites |
Russia | 42 websites |
.com | 874 websites |
.de | 196 websites |
.org | 135 websites |
.nl | 114 websites |
.pl | 88 websites |
.fr | 84 websites |
.net | 69 websites |
.co.uk | 60 websites |
.com.br | 41 websites |
.ru | 39 websites |
Domain | Country | Rank | Contacts |
---|---|---|---|
***.mu | France | **,*** | |
***************.com | Italy | ***,*** | |
**************.com | United States | ***,*** | |
************.com | United States | ***,*** | |
****.****.***.ph | Philippines | ***,*** | |
*********.it | Italy | ***,*** | |
****************.com | United States | ***,*** | |
******************.com | United States | ***,*** | |
****************.com | United States | *,***,*** | |
*********.de | Denmark | *,***,*** |
FAQ