
CVE-2024-1217: CWE-862 Missing Authorization in kaliforms Contact Form builder with drag & drop for WordPress – Kali Forms

Medium
Published: Tue Feb 20 2024 (02/20/2024, 18:56:35 UTC)
Source: CVE
Vendor/Project: kaliforms
Product: Contact Form builder with drag & drop for WordPress – Kali Forms

Description

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.

AI-Powered Analysis

Last updated: 06/24/2025, 05:11:24 UTC

Technical Analysis

CVE-2024-1217 is a vulnerability identified in the Kali Forms WordPress plugin, specifically the Contact Form builder with drag & drop functionality. The flaw arises from a missing authorization check in the await_plugin_deactivation function, which is responsible for handling plugin deactivation requests. This missing capability check means that any authenticated user with subscriber-level access or higher can exploit this vulnerability to deactivate any active plugin on the WordPress site. Since subscriber roles are typically assigned to users with minimal privileges, this vulnerability effectively allows low-privileged users to escalate their impact by disabling critical plugins, potentially disrupting site functionality or security controls. The vulnerability affects all versions of Kali Forms up to and including version 2.3.41. No public exploits have been reported in the wild as of the publication date, and no official patches have been linked yet. The underlying weakness is classified under CWE-862, which refers to missing authorization, indicating that the system fails to verify whether the user is permitted to perform the requested action. This vulnerability compromises the integrity and availability of the WordPress environment by allowing unauthorized plugin deactivation, which could lead to denial of service or removal of security plugins, thereby increasing the risk of further exploitation.

Potential Impact

For European organizations using WordPress sites with the Kali Forms plugin, this vulnerability poses a significant risk to website availability and security posture. Unauthorized deactivation of plugins can disrupt business operations, especially if critical plugins related to e-commerce, security (such as firewalls or malware scanners), or compliance are disabled. This could lead to service outages, loss of customer trust, and potential regulatory non-compliance under frameworks like GDPR if personal data protection mechanisms are compromised. Additionally, attackers could leverage this vulnerability to disable security plugins, paving the way for further attacks such as data breaches or website defacements. The impact is particularly severe for organizations with multiple users having subscriber or higher roles, including content contributors or registered users, as it broadens the attack surface. Since WordPress powers a significant portion of websites in Europe, including those of SMEs, public institutions, and e-commerce platforms, the potential for disruption is considerable.

Mitigation Recommendations

1. Immediate mitigation should involve restricting subscriber and other low-privilege user roles from accessing the plugin deactivation functionality by applying custom role-based access controls or using security plugins that enforce strict capability checks.
2. Administrators should monitor plugin status regularly and set up alerts for unexpected plugin deactivations.
3. Until an official patch is released, consider temporarily disabling or removing the Kali Forms plugin if it is not critical to operations.
4. Implement multi-factor authentication (MFA) for all user accounts to reduce the risk of compromised credentials being used to exploit this vulnerability.
5. Conduct a thorough audit of user roles and permissions to ensure that only trusted users have subscriber or higher access, minimizing the number of accounts that could exploit this flaw.
6. Stay informed about updates from the Kali Forms vendor and apply patches promptly once available.
7. Employ web application firewalls (WAFs) with custom rules to detect and block unauthorized plugin deactivation attempts targeting this vulnerability.
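The CWE-862 shape described above and the capability check plus deactivation monitoring that mitigations 1 and 2 call for, as an added example (not Kali Forms code, and the AJAX action and function names are hypothetical):

```php
<?php
// Added example, not from the Kali Forms plugin. Action/function names are hypothetical.

// VULNERABLE pattern: admin-ajax.php runs wp_ajax_* hooks for any logged-in user,
// so without a capability check a Subscriber can trigger the deactivation.
add_action( 'wp_ajax_example_deactivate', 'example_deactivate_unchecked' );
function example_deactivate_unchecked() {
    deactivate_plugins( $_POST['plugin'] ?? '' ); // no nonce, no authorization check
    wp_send_json_success();
}

// HARDENED form: nonce, capability and input validation precede the state change.
add_action( 'wp_ajax_example_deactivate_safe', 'example_deactivate_checked' );
function example_deactivate_checked() {
    // Rejects a missing or forged nonce (CSRF); terminates with HTTP 403 on failure.
    check_ajax_referer( 'example_deactivate_nonce', 'nonce' );

    // Authorization: only roles holding activate_plugins (Administrator by default).
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    require_once ABSPATH . 'wp-admin/includes/plugin.php';
    $plugin = sanitize_text_field( wp_unslash( $_POST['plugin'] ?? '' ) );

    // Accept only a plugin basename that is actually installed.
    if ( '' === $plugin || ! array_key_exists( $plugin, get_plugins() ) ) {
        wp_send_json_error( array( 'message' => 'Unknown plugin.' ), 400 );
    }

    deactivate_plugins( $plugin );
    wp_send_json_success( array( 'deactivated' => $plugin ) );
}

// Detection (mitigation 2): WordPress core fires deactivated_plugin for every
// deactivation, whatever code path caused it. Logging who did it lets an
// alert fire on deactivations by unexpected accounts.
add_action( 'deactivated_plugin', 'example_log_deactivation', 10, 2 );
function example_log_deactivation( $plugin, $network_wide ) {
    $user = wp_get_current_user();
    error_log( sprintf(
        '[plugin-deactivated] plugin=%s user=%s id=%d ip=%s network=%s',
        $plugin,
        $user->user_login ?: 'anonymous',
        $user->ID,
        sanitize_text_field( $_SERVER['REMOTE_ADDR'] ?? 'unknown' ),
        $network_wide ? 'yes' : 'no'
    ) );
}
```

The logging hook can be dropped into a must-use plugin so it stays active even if regular plugins are deactivated.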


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2024-02-02T20:01:53.226Z
Cisa Enriched
true

Threat ID: 682d9840c4522896dcbf1090

Added to database: 5/21/2025, 9:09:20 AM

Last enriched: 6/24/2025, 5:11:24 AM

Last updated: 8/14/2025, 9:47:28 PM

