Main Vulnerability Database Vulnerabilities #VU45892

Improper access control in Kali Forms for WordPress - #VU45892

Published: August 21, 2020

Vulnerability identifier: #VU45892

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Kali Forms for WordPress

Software vendor:
KaliForms

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within kaliforms_update_option_ajax() AJAX action. A remote authenticated user can bypass implemented security restrictions and change plugin settings.

Note, this vulnerability can be also exploited via CSRF attack vector.

Remediation

Install updates from vendor's website.

External links

https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/

Improper access control in Kali Forms for WordPress - #VU45892

Description

Remediation

External links

Please verify you're human