Vulnerability Details CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.8%
CVSS Severity
CVSS v3 Score 7.1
References
- https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/
- https://wordpress.org/plugins/kali-forms/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=cve
- https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/
- https://wordpress.org/plugins/kali-forms/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=cve
Products affected by CVE-2020-36720
-
cpe:2.3:a:kaliforms:kali_forms:1.0.0
-
cpe:2.3:a:kaliforms:kali_forms:1.1.0
-
cpe:2.3:a:kaliforms:kali_forms:1.2.0
-
cpe:2.3:a:kaliforms:kali_forms:1.3.0
-
cpe:2.3:a:kaliforms:kali_forms:1.4.0
-
cpe:2.3:a:kaliforms:kali_forms:1.5.0
-
cpe:2.3:a:kaliforms:kali_forms:1.6.0
-
cpe:2.3:a:kaliforms:kali_forms:1.6.1
-
cpe:2.3:a:kaliforms:kali_forms:1.6.2
-
cpe:2.3:a:kaliforms:kali_forms:1.6.3
-
cpe:2.3:a:kaliforms:kali_forms:1.6.4
-
cpe:2.3:a:kaliforms:kali_forms:1.6.5
-
cpe:2.3:a:kaliforms:kali_forms:2.0.0
-
cpe:2.3:a:kaliforms:kali_forms:2.0.1
-
cpe:2.3:a:kaliforms:kali_forms:2.0.2
-
cpe:2.3:a:kaliforms:kali_forms:2.0.3
-
cpe:2.3:a:kaliforms:kali_forms:2.0.4
-
cpe:2.3:a:kaliforms:kali_forms:2.0.5
-
cpe:2.3:a:kaliforms:kali_forms:2.0.6
-
cpe:2.3:a:kaliforms:kali_forms:2.1.0
-
cpe:2.3:a:kaliforms:kali_forms:2.1.1