PT-2023-11862 · WordPress · Kali Forms
Jerome Bruandet
·
Published
2023-06-07
·
Updated
2023-06-13
·
CVE-2020-36720
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Kali Forms plugin for WordPress versions up to, and including, 2.1.1
Description
The issue arises from the
update option lacking proper authentication checks, allowing any authenticated attacker to change or delete the plugin's settings. This enables authenticated attackers to modify settings without proper authorization.Recommendations
For versions up to, and including, 2.1.1, update to a version that includes proper authentication checks for the
update option to prevent unauthorized changes to the plugin's settings.Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kali Forms