WordPress Plugin Vulnerabilities

Contact Form - Form builder by Kali Forms < 2.1.2 - Multiple CSRF Bypass Issues

Description

Throughout the plugin’s code, security nonces can be bypassed because they are only checked if they are set.

Affects Plugins

Plugin icon
kali-forms
Fixed in 2.1.2

References

CVE
CVE-2020-36717
URL
https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
No
WPVDB ID
f0f06698-9e6a-4687-8df5-f924066e27c5

Timeline

Publicly Published
2020-08-21 (about 5 years ago)
Added
2020-08-21 (about 5 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2024-12-23
Title
Advanced Google reCAPTCHA < 1.26 - Brute Force Protection IP Unblock
Published
2022-11-29
Title
Appointment Hour Booking < 1.3.73 - CAPTCHA Bypass
Published
2014-12-02
Title
InfiniteWP Client <= 1.3.7 - Privilege Escalation
Published
2015-02-22
Title
WP Ultimate CSV Importer <= 3.6.74 - Database Table Export
Published
2024-04-15
Title
Zero Spam < 5.5.7 - Spam Protection Bypass