CVE-2024-1217: CWE-862 Missing Authorization in wpchill Kali Forms — Contact Form & Drag-and-Drop Builder
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.
AI Analysis
Technical Summary
The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress suffers from a missing capability check in the await_plugin_deactivation function, enabling authenticated users with minimal privileges (subscriber or higher) to deactivate active plugins without proper authorization. This vulnerability is tracked as CVE-2024-1217 and is classified under CWE-862 (Missing Authorization). It affects all versions up to 2.3.41 and has a CVSS 3.1 base score of 7.6, indicating high severity. The vulnerability allows an attacker to impact plugin availability, potentially disrupting site functionality.
Potential Impact
An attacker with subscriber-level access or higher can exploit this vulnerability to deactivate any active plugins on the affected WordPress site. This can lead to loss of critical plugin functionality, potentially affecting site security, availability, or user experience. The confidentiality impact is low, but integrity and availability impacts are high and low respectively according to the CVSS vector.
Mitigation Recommendations
No official patch or fix is currently listed. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict subscriber-level access and higher to trusted users only. Monitor for updates from the wpchill vendor regarding an official fix and apply it promptly once released.
CVE-2024-1217: CWE-862 Missing Authorization in wpchill Kali Forms — Contact Form & Drag-and-Drop Builder
Description
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress suffers from a missing capability check in the await_plugin_deactivation function, enabling authenticated users with minimal privileges (subscriber or higher) to deactivate active plugins without proper authorization. This vulnerability is tracked as CVE-2024-1217 and is classified under CWE-862 (Missing Authorization). It affects all versions up to 2.3.41 and has a CVSS 3.1 base score of 7.6, indicating high severity. The vulnerability allows an attacker to impact plugin availability, potentially disrupting site functionality.
Potential Impact
An attacker with subscriber-level access or higher can exploit this vulnerability to deactivate any active plugins on the affected WordPress site. This can lead to loss of critical plugin functionality, potentially affecting site security, availability, or user experience. The confidentiality impact is low, but integrity and availability impacts are high and low respectively according to the CVSS vector.
Mitigation Recommendations
No official patch or fix is currently listed. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict subscriber-level access and higher to trusted users only. Monitor for updates from the wpchill vendor regarding an official fix and apply it promptly once released.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-02-02T20:01:53.226Z
- Cisa Enriched
- true
Threat ID: 682d9840c4522896dcbf1090
Added to database: 5/21/2025, 9:09:20 AM
Last enriched: 4/9/2026, 1:32:42 PM
Last updated: 5/8/2026, 12:03:30 PM
Views: 96
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.