CVE-2026-3584 Scanner

Kali Forms is a popular WordPress plugin used for form creation and management on WordPress sites. It is widely utilized by website administrators and developers to facilitate user input through customizable forms. The plugin offers a variety of form templates, supporting functionalities such as contact forms, feedback forms, and surveys. Its ease of use and flexibility make it an attractive choice for users looking to add forms to their WordPress sites without extensive coding knowledge. However, as with any software component that handles user input, it's crucial to ensure secure handling to prevent potential exploits. Regular updates and security reviews are recommended to maintain a secure environment.

This scanner detects a critical Remote Code Execution (RCE) vulnerability in the Kali Forms WordPress plugin. This vulnerability arises from improper handling of user inputs in certain functions, which could allow attackers to execute arbitrary code on the server. It's classified as being highly severe due to its potential to compromise affected systems entirely. The exploitation of this vulnerability does not require authentication, which further increases its risk profile. Consequently, it's crucial for users of affected versions to address this security issue promptly.

The technical details reveal that the vulnerability resides in the 'form_process' and 'prepare_post_data' functions of the plugin. These functions insufficiently sanitize user input, creating an opportunity for attackers to inject and execute code on the server. The scanner checks various endpoints such as '/contact-us/', '/contact/', '/form/', '/feedback/' to verify if the system is vulnerable. It extracts information like the nonce and form ID to perform a POST request that demonstrates the vulnerability by successfully executing 'phpinfo()', indicating potential code execution.

If exploited, this vulnerability could lead to severe consequences, including a full system compromise. Malicious actors could gain unauthorized access, execute arbitrary commands, and potentially take control of the affected server. This might result in the exposure of sensitive data, disruption of service, and could be leveraged to launch further attacks. It emphasizes the importance of swiftly updating to a secure version and reinforcing security practices associated with handling inputs.

REFERENCES

• https://wordpress.org/plugins/kali-forms/
• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kali-forms/kali-forms-249-unauthenticated-remote-code-execution-via-form-process