N/A
2026-02-17< 2.4.9
Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure
Kali Forms — Contact Form & Drag-and-Drop Builder
Minimum safe version
2.4.10
Update to 2.4.10 or later to address 20 fixable vulnerabilities
Latest available2.4.11 ✓
N/A
2026-03-20< 2.4.10
Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process
Medium 5.9
2025-05-16< 2.4.3
WordPress Contact Form builder with drag & drop - Kali Forms Plugin < 2.4.3 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2024-02-20< 2.3.42
CVE-2024-1218
Medium 4.3
2024-02-20< 2.3.42
CVE-2024-1217
High 7.5
2024-01-31< 2.3.37
CVE-2024-22305
Medium 5.3
2025-01-02< 2.3.28
CVE-2023-46083
Medium 6.5
2025-01-02< 2.3.29
CVE-2023-45275
High 7.1
2023-06-07< 2.1.2
CVE-2020-36720
High 8.6
2023-06-07< 2.1.2
CVE-2020-36712
High 8.8
2023-06-07< 2.1.2
CVE-2020-36717
N/A
< 2.1.2
Contact Form - Form builder by Kali Forms < 2.1.2 - Unauthenticated Arbitrary Post Deletion
N/A
< 2.1.2
Contact Form - Form builder by Kali Forms < 2.1.2 - Multiple CSRF Bypass Issues
N/A
< 2.1.2
Contact Form - Form builder by Kali Forms < 2.1.2 - Authenticated Plugin's Settings Change
N/A
2020-08-21< 2.1.2
Kali Forms <= 2.1.1 - Cross-Site Request Forgery
N/A
2020-08-21< 2.1.2
Kali Forms <= 2.1.1 - Missing Authorization to Settings Update
N/A
2020-08-21< 2.1.2
Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion
N/A
2020-08-21< 2.1.2
WordPress Contact Form builder with drag & drop plugin <= 2.1.1 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
N/A
2020-08-21< 2.1.2
WordPress Contact Form builder with drag & drop plugin <= 2.1.1 - Authenticated Plugin Settings Change vulnerability
N/A
2020-08-21< 2.1.2
WordPress Contact Form builder with drag & drop plugin <= 2.1.1 - Unauthenticated Arbitrary Post Deletion vulnerability