CVE-2024-1217

Name of the Vulnerable Software and Affected Versions Kali Forms plugin for WordPress versions up to, and including, 2.3.41

Description The issue arises from a missing capability check on the await plugin deactivation function, allowing authenticated attackers with subscriber access or higher to deactivate any active plugins. This can be exploited by attackers to disable security plugins or other critical plugins, potentially leading to further vulnerabilities.

Recommendations For versions up to, and including, 2.3.41, update to a version higher than 2.3.41 to resolve the issue. As a temporary workaround, consider restricting access to the await plugin deactivation function to prevent unauthorized plugin deactivation.