CVE-2020-36720
HIGH EXPLOITEDKali Forms < 2.1.1 - Authenticated Options Change via update_option
Title source: llmExploitation Summary
CVE-2020-36720 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.
References (3)
Core 3
Core References
Broken Link, Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=cve
Scores
CVSS v3
7.1
EPSS
0.0079
EPSS Percentile
51.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2020-08-21
CWE
CWE-862
Status
published
Products (2)
kaliforms/kali_forms
< 2.1.1
wpchill/Kali Forms — Contact Form & Drag-and-Drop Builder
< 2.1.2
Published
Jun 07, 2023
Tracked Since
Feb 18, 2026