CVE-2024-22305

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.


We have discovered 2,230 live websites that are affected by CVE-2024-22305.





Affected Software

Product  Kali Forms
Category  WordPress Plugins
Vulnerable Domains  2,230 live websites (35.50% of Kali Forms install base)
Vulnerable Versions
  • from 0 through 2.3.36
Vulnerable Versions Count  72 versions (82.76% of all versions)


Common Weakness Enumeration

CWE-639 Authorization Bypass Through User-Controlled Key



Details

  • Published - Jan 31, 2024
  • Updated - Aug 1, 2024

Credits

  • Revan Arifio (Patchstack Alliance) (finder)

CVE-2024-22305 usage by Country

United States  578 websites
Germany  345 websites
France  201 websites
Netherlands  115 websites
Poland  98 websites
GB  77 websites
Spain  55 websites
Denmark  52 websites
Japan  48 websites
Russia  37 websites

CVE-2024-22305 usage by TLD

.com  829 websites
.de  176 websites
.org  122 websites
.nl  106 websites
.pl  79 websites
.fr  74 websites
.net  60 websites
.co.uk  57 websites
.com.br  38 websites
.ru  34 websites

FAQ

CVE-2024-22305 is an Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms.
A total of 2,230 websites have been identified as vulnerable to CVE-2024-22305, discovered through global website indexing conducted by WebTechSurvey.
Kali Forms is susceptible to the CVE-2024-22305 vulnerability.
Kali Forms versions before, and including, 2.3.36 are vulnerable to CVE-2024-22305.