PT-2024-17471 · WordPress · Kali Forms

Lucio Sá · Published 2024-02-20 · Updated 2025-01-19 · CVE-2024-1218

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions prior to 2.3.42

Description: The Kali Forms plugin for WordPress is affected by an issue that allows unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.

Recommendations: For versions prior to 2.3.42, update to version 2.3.42 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST endpoints to minimize the risk of exploitation.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-1218

Affected Products: Kali Forms