CVE-2020-36720
📋 TL;DR
The Kali Forms WordPress plugin up to and including version 2.1.1 contains an authenticated options-change vulnerability: the plugin's update_option function is missing an authorization (capability) check, so any authenticated WordPress user (subscriber level or higher) can modify or delete the plugin's settings. Websites running a vulnerable version of this plugin are affected.
💻 Affected Systems
- WordPress Kali Forms plugin
📦 What is this software?
Kali Forms by Kaliforms
⚠️ Risk & Real-World Impact
Worst Case
An attacker could disable the plugin entirely, modify form configurations to capture sensitive data, or potentially chain with other vulnerabilities to escalate privileges or compromise the WordPress installation.
Likely Case
Malicious authenticated users could disrupt form functionality, modify form submissions to redirect to malicious sites, or alter settings to collect sensitive information from users.
If Mitigated
With proper user access controls and monitoring, impact is limited to potential service disruption rather than data compromise.
🎯 Exploit Status
Exploitation requires authenticated access to WordPress. The vulnerability is well-documented and simple to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.2 and later
Vendor Advisory: https://wordpress.org/plugins/kali-forms/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Kali Forms and click 'Update Now'.
4. Alternatively, download version 2.1.2 or later from WordPress.org and manually replace the plugin files.
🔧 Temporary Workarounds
Temporary plugin deactivation
Disable the Kali Forms plugin until it is patched:
wp plugin deactivate kali-forms
Restrict user roles
Limit authenticated accounts to trusted administrators; the vulnerability is reachable by any logged-in user, including subscribers.
🧯 If You Can't Patch
- Remove the Kali Forms plugin entirely and use alternative form solutions
- Implement strict user access controls and monitor for unauthorized configuration changes
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel, go to Plugins → Installed Plugins and read the Kali Forms version. If it is 2.1.1 or lower, you are vulnerable.
Check Version:
wp plugin get kali-forms --field=version
Verify Fix Applied:
After updating, confirm Kali Forms version is 2.1.2 or higher in WordPress admin panel.
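The version check above can be scripted for fleets of sites. The block below is an added example, not part of the advisory: it compares the string returned by `wp plugin get kali-forms --field=version` against the first fixed release named above (2.1.2), component by component as integers rather than as text, because a plain string comparison would wrongly treat a hypothetical "2.1.10" as older than "2.1.2". The `installed_version` helper that shells out to wp-cli is assumed to run on a host where wp-cli is available; the version strings in the test are constructed.

```python
"""Decide whether an installed Kali Forms version is in the affected range (<= 2.1.1).

Added example for the advisory's "How to Verify" step; not code from the advisory
or the plugin. Versions are compared numerically so that "2.1.10" is correctly
treated as newer than "2.1.2".
"""
import re
import subprocess

FIXED_VERSION = "2.1.2"  # first patched release named in the advisory


def version_key(version):
    """Turn '2.1.1' into (2, 1, 1) for numeric comparison.

    Only the leading dotted-integer part is used; any other suffix is dropped,
    which is adequate for WordPress.org plugin releases that use plain numbers.
    """
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when `installed` is strictly older than `fixed`.

    Shorter tuples are zero-padded so that '2.1' and '2.1.0' compare as equal.
    """
    a, b = version_key(installed), version_key(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def installed_version(path=None):
    """Ask wp-cli for the installed Kali Forms version (requires wp-cli on this host).

    `path` is an assumed optional WordPress root passed through as --path.
    """
    cmd = ["wp", "plugin", "get", "kali-forms", "--field=version"]
    if path:
        cmd.append(f"--path={path}")
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout.strip()


if __name__ == "__main__":
    current = installed_version()
    state = "VULNERABLE" if is_vulnerable(current) else "patched"
    print(f"Kali Forms {current}: {state} (fixed in {FIXED_VERSION})")
```

Run it from the WordPress root (or pass the path) on each site; a non-zero exit from wp-cli means the plugin is not installed, which is the safest state of all.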
📡 Detection & Monitoring
Log Indicators:
- Unauthorized POST requests to Kali Forms admin endpoints
- Sudden changes to Kali Forms settings in the database
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with kali_forms action parameters from non-admin users
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND post_data CONTAINS "kali_forms") AND user_role!="administrator"
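The SIEM query above expresses the detection in one line; the block below is an added example, not part of the advisory, showing the same logic as a small Python scanner that can be run over exported logs where no SIEM is available. The log format is constructed for this example: one JSON record per line carrying the fields the query uses (`uri_path`, `post_data`, `user_role`) plus `method`, `user` and `ts`. The AJAX action names (`kali_forms_update_option`, `kali_forms_delete_option`) and user names are made up for the demo; only the `kali_forms` prefix comes from the advisory. Unlike a bare CONTAINS match, the scanner parses the `action` parameter and restricts itself to POSTs to admin-ajax.php, so an ordinary visitor submitting a Kali Forms form on a public page is not flagged.

```python
"""Flag admin-ajax.php POSTs carrying kali_forms actions from non-administrator users.

Added example for the advisory's detection section; not code from the advisory.
The log format below is constructed to mirror the fields in the advisory's SIEM
query; adapt parse_records() to whatever your WordPress or web-server logging emits.
"""
import json
from urllib.parse import parse_qs

AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"
ACTION_PREFIX = "kali_forms"        # advisory: "kali_forms action parameters"
TRUSTED_ROLES = {"administrator"}   # roles that may legitimately change plugin options

# Constructed sample log (one JSON record per line). Users, timestamps and the
# specific action names are invented for this demo; the last line is deliberately
# malformed to show that one bad record does not abort the scan.
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:00Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","user":"alice","user_role":"administrator","post_data":"action=kali_forms_update_option&option=form_redirect&value=thanks"}
{"ts":"2024-01-01T10:00:05Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","user":"bob","user_role":"subscriber","post_data":"action=kali_forms_update_option&option=form_redirect&value=http%3A%2F%2Fexample.invalid"}
{"ts":"2024-01-01T10:00:09Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","user":"bob","user_role":"subscriber","post_data":"action=heartbeat&screen_id=front"}
{"ts":"2024-01-01T10:00:12Z","method":"GET","uri_path":"/wp-admin/admin-ajax.php","user":"carol","user_role":"editor","post_data":""}
{"ts":"2024-01-01T10:00:15Z","method":"POST","uri_path":"/wp-admin/admin-ajax.php","user":"carol","user_role":"editor","post_data":"action=kali_forms_delete_option&option=form_fields"}
{"ts":"2024-01-01T10:00:20Z","method":"POST","uri_path":"/contact/","user":"","user_role":"anonymous","post_data":"kali_forms_submission=1&name=visitor"}
not json at all
"""


def parse_records(log_text):
    """Yield parsed JSON records, skipping blank and malformed lines."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the whole scan


def ajax_action(post_data):
    """Return the WordPress AJAX `action` parameter from a urlencoded body, or None."""
    params = parse_qs(post_data or "", keep_blank_values=True)
    values = params.get("action")
    return values[0] if values else None


def is_suspicious(record):
    """True for a POST to admin-ajax.php with a Kali Forms action from an untrusted role."""
    if record.get("method") != "POST":
        return False
    if record.get("uri_path") != AJAX_ENDPOINT:
        return False  # form submissions on public pages are not option changes
    action = ajax_action(record.get("post_data"))
    if not action or not action.startswith(ACTION_PREFIX):
        return False
    return record.get("user_role", "anonymous") not in TRUSTED_ROLES


def find_suspicious(log_text):
    """Return (ts, user, role, action) for every record that should raise an alert."""
    return [
        (r.get("ts"), r.get("user"), r.get("user_role"), ajax_action(r.get("post_data")))
        for r in parse_records(log_text)
        if is_suspicious(r)
    ]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("ALERT: Kali Forms option change by non-administrator:", hit)
```

Against the sample log this flags exactly two records: the subscriber's update_option call and the editor's delete_option call. The administrator's change, the subscriber's unrelated heartbeat, the GET, and the anonymous form submission on /contact/ are all left alone. On a patched site (2.1.2 or later) the same hits are still worth reviewing, since they show an account attempting an administrative action it should not have.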
🔗 References
- https://blog.nintechnet.com/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities/
- https://wordpress.org/plugins/kali-forms/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=cve