The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.
We have discovered 2,405 live websites that are affected by CVE-2024-1218.
Product | Kali Forms |
Category | Wordpress Plugins |
Vulnerable Domains | 2,405 live websites (38.29% of Kali Forms install base) |
Vulnerable Versions |
|
Vulnerable Versions Count | 77 versions ( 88.51% of all versions) |
United States | 618 websites |
Germany | 374 websites |
France | 223 websites |
Netherlands | 123 websites |
Poland | 110 websites |
GB | 83 websites |
Spain | 59 websites |
Denmark | 56 websites |
Japan | 49 websites |
Russia | 42 websites |
.com | 874 websites |
.de | 196 websites |
.org | 135 websites |
.nl | 114 websites |
.pl | 88 websites |
.fr | 84 websites |
.net | 69 websites |
.co.uk | 60 websites |
.com.br | 41 websites |
.ru | 39 websites |
Domain | Country | Rank | Contacts |
---|---|---|---|
***.mu | France | **,*** | |
***************.com | Italy | ***,*** | |
**************.com | United States | ***,*** | |
************.com | United States | ***,*** | |
****.****.***.ph | Philippines | ***,*** | |
*********.it | Italy | ***,*** | |
****************.com | United States | ***,*** | |
******************.com | United States | ***,*** | |
****************.com | United States | *,***,*** | |
*********.de | Denmark | *,***,*** |
FAQ