Wpchill Kali Forms — Contact Form & Drag-and-drop Builder
7 CVEs affecting Wpchill Kali Forms — Contact Form & Drag-and-drop Builder. Latest disclosed: 2026-03-20. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-3584 | Critical | 9.8 | 2026-03-20 | The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is… |
CVE-2020-36717 | High | 8.8 | 2023-06-07 | The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handlin… |
CVE-2020-36712 | High | 8.6 | 2023-06-07 | The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kalifo… |
CVE-2024-1217 | High | 7.6 | 2024-02-20 | The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing ca… |
CVE-2020-36720 | High | 7.1 | 2023-06-07 | The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lac… |
CVE-2026-1860 | Medium | 4.3 | 2026-02-18 | The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the `get_item… |
CVE-2024-1218 | Medium | 4.3 | 2024-02-20 | The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API… |