The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated malicious users to delete any site post or page with the id parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kaliforms kali forms |