kaliforms CVE Vulnerabilities & Metrics

Focus on kaliforms vulnerabilities and metrics.

Last updated: 07 Jun 2025, 22:25 UTC

About kaliforms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with kaliforms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total kaliforms CVEs: 5
Earliest CVE date: 07 Jun 2023, 02:15 UTC
Latest CVE date: 16 May 2025, 06:15 UTC

Latest CVE reference: CVE-2025-3201

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical kaliforms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS kaliforms CVEs

These are the five CVEs with the highest CVSS scores for kaliforms, sorted by severity first and recency.

CVE-2025-3201 kaliforms Published on 16 May 2025, 06:15 UTC (CVSS: 0)
The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.
CVE-2024-22305 kaliforms Published on 31 Jan 2024, 12:16 UTC (CVSS: 0)
Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.
CVE-2020-36720 kaliforms Published on 07 Jun 2023, 02:15 UTC (CVSS: 0)
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.
CVE-2020-36717 kaliforms Published on 07 Jun 2023, 02:15 UTC (CVSS: 0)
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clic...
CVE-2020-36712 kaliforms Published on 07 Jun 2023, 02:15 UTC (CVSS: 0)
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.

All CVEs for kaliforms

CVE-2025-3201 kaliforms vulnerability CVSS: 0 16 May 2025, 06:15 UTC

The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.

CVE-2024-22305 kaliforms vulnerability CVSS: 0 31 Jan 2024, 12:16 UTC

Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.

CVE-2020-36720 kaliforms vulnerability CVSS: 0 07 Jun 2023, 02:15 UTC

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.

CVE-2020-36717 kaliforms vulnerability CVSS: 0 07 Jun 2023, 02:15 UTC

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2020-36712 kaliforms vulnerability CVSS: 0 07 Jun 2023, 02:15 UTC

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.