Medium severity4.3NVD Advisory· Published Feb 29, 2024· Updated Apr 8, 2026

CVE-2024-1218

Description

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.

Affected products

Kaliforms/Contact Form Builder
cpe:2.3:a:kaliforms:contact_form_builder:*:*:*:*:*:wordpress:*:*
Range: <2.3.41

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunknvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/ed1aae32-6040-4c42-b8a7-4c3be371a8c0nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000