CVE-2020-36712— Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion

Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

授权机制缺失

WordPress Plugin Kali Forms 安全漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin Kali Forms 存在安全漏洞，该漏洞源于 kaliforms_form_delete_uploaded_file 函数缺少任何特权保护或用户保护。

N/A

N/A