| |
Vulnerability CVE-2024-1217
Published: 2024-02-29
| Description: |
The Contact Form builder with drag & drop for WordPress ?? Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins. |
References: |
https://www.wordfence.com/threat-intel/vulnerabilities/id/7be75b0a-737d-4f0d-b024-e207af4573cd?source=cve
https://plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
