CVE-2024-1217 is a missing authorization vulnerability (CWE-862) found in the Kali Forms WordPress plugin, specifically in the await_plugin_deactivation function. This function lacks proper capability checks, allowing any authenticated user with subscriber-level privileges or higher to deactivate active plugins on the WordPress site. Since WordPress roles such as subscriber typically have limited permissions, this vulnerability effectively elevates their privileges, enabling them to disrupt site operations by disabling critical plugins, including security or functionality plugins. The vulnerability affects all versions of Kali Forms up to and including 2.3.41. Exploitation requires only authentication and no additional user interaction, making it relatively easy to abuse once credentials are obtained. The CVSS 3.1 score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L) indicates network exploitable with low attack complexity, requiring low privileges but no user interaction, with a high impact on integrity and low to moderate impact on confidentiality and availability. Although no public exploits are reported yet, the vulnerability poses a significant risk to WordPress sites using this plugin, as attackers can disable security plugins or other critical components, potentially leading to further compromise or service disruption.

The primary impact of this vulnerability is the unauthorized deactivation of plugins by low-privilege authenticated users, which can severely compromise the integrity and availability of affected WordPress sites. By disabling security plugins, attackers can remove protections such as firewalls, malware scanners, or login restrictions, increasing the risk of further exploitation. Disabling functionality plugins can disrupt business operations, degrade user experience, or cause site downtime. Since WordPress powers a significant portion of the web, including many business and government sites, the scope of impact is broad. Attackers with subscriber-level access, which can be obtained via phishing, credential stuffing, or other means, can exploit this vulnerability to escalate privileges indirectly and cause operational damage. The confidentiality impact is lower but still present, as disabling security controls may facilitate data breaches. Overall, this vulnerability can lead to significant operational disruption, increased attack surface, and potential reputational damage for affected organizations.

Organizations should immediately update the Kali Forms plugin to a version where this vulnerability is patched once available. Until a patch is released, administrators should restrict subscriber-level user registrations or monitor such accounts closely. Implementing strict access controls and multi-factor authentication can reduce the risk of credential compromise. Additionally, site administrators can temporarily disable or remove the Kali Forms plugin if it is not critical to operations. Monitoring plugin status and audit logs for unauthorized deactivation events can help detect exploitation attempts. Employing a web application firewall (WAF) with rules to detect anomalous plugin management requests may provide additional protection. Regular backups and incident response plans should be in place to recover quickly from any malicious plugin deactivation. Finally, educating users about phishing and credential hygiene will reduce the likelihood of attackers gaining subscriber-level access.