CVE-2020-36717 in Kali Forms Plugin
Summary
by MITRE • 06/07/2023
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's functions. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Analysis
by VulDB Data Team • 04/09/2026
CVE-2020-36717 is a cross-site request forgery (CSRF) weakness in the Kali Forms plugin for WordPress, affecting versions up to and including 2.1.1. It stems from incorrect nonce handling in the plugin's administrative functions: requests that change plugin state are not tied to a token that only a legitimately rendered admin page could carry. An unauthenticated attacker cannot call those functions directly, but can have a logged-in administrator's browser call them by luring the administrator to a page, or a link, that submits the forged request; the request then arrives carrying the administrator's session cookies and is processed as if the administrator had made it. The required user interaction is small, a single click or page visit, so the flaw is most dangerous where administrators browse external sites while logged in to wp-admin.
Technically the flaw is a missing authorization step rather than a broken authentication one. WordPress nonces are keyed hashes bound to an action, the current user and their session, and they expire; a handler that calls wp_verify_nonce() (or the wrappers check_admin_referer() and check_ajax_referer()) rejects any request that does not carry a token minted for that user and that action. Where the plugin omits or mis-applies these checks, the server cannot distinguish an action the administrator chose from one an attacker's page submitted on their behalf: both carry valid authentication cookies, so a capability check alone passes. The practical effect is that an unauthenticated attacker acts with the administrator's authority over form configurations, data handling and other administrative settings, limited to whatever the unprotected administrative functions can do.
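The pattern in concrete form, as an added example that is not Kali Forms code and not taken from the advisory: a hypothetical plugin with one admin action (the "acme_forms_*" names, the form post type and the capability used are all assumptions) written first without a nonce and then with one. The vulnerable handler is reachable by a plain GET link as well as a forged POST, which is the "clicking on a link" path the summary describes.

```php
<?php
/**
 * Added illustration of the CSRF pattern CVE-2020-36717 describes.
 * Hypothetical plugin "acme_forms"; none of this is Kali Forms code.
 * Both handlers are registered on wp-admin/admin-post.php.
 */

/* ---- Vulnerable: no nonce and no capability check ---- */
add_action( 'admin_post_acme_forms_delete_vuln', 'acme_forms_delete_vuln' );
function acme_forms_delete_vuln() {
    // Any request that carries the admin's cookies reaches this point, including
    //   <a href="https://victim.example/wp-admin/admin-post.php?action=acme_forms_delete_vuln&form_id=7">
    // on an attacker's page, or a form auto-submitted by script in another tab.
    // $_REQUEST also means GET and POST are interchangeable here.
    $form_id = absint( $_REQUEST['form_id'] ?? 0 );
    if ( $form_id ) {
        wp_delete_post( $form_id, true );   // assumed: forms stored as a custom post type
    }
    wp_safe_redirect( admin_url( 'admin.php?page=acme-forms' ) );
    exit;
}

/* ---- Hardened: nonce bound to action and target, plus capability check ---- */

// 1. The admin page that offers the action embeds a nonce for this action on this form.
function acme_forms_delete_button( int $form_id ): string {
    // Per-object action string: a nonce leaked for one form does not delete another.
    $action = 'acme_forms_delete_' . $form_id;
    $html  = '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    $html .= '<input type="hidden" name="action" value="acme_forms_delete">';
    $html .= '<input type="hidden" name="form_id" value="' . (int) $form_id . '">';
    // wp_nonce_field( $action, $name, $referer, $display ): return the field instead of echoing it.
    $html .= wp_nonce_field( $action, '_acme_nonce', true, false );
    $html .= '<button type="submit">Delete</button></form>';
    return $html;
}

// 2. The handler verifies who is asking and whether this site's page asked, before any change.
add_action( 'admin_post_acme_forms_delete', 'acme_forms_delete' );
function acme_forms_delete() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // Read from $_POST only: a bare GET link cannot even supply the parameter.
    $form_id = absint( $_POST['form_id'] ?? 0 );
    // check_admin_referer() runs wp_verify_nonce() on the named field and dies with a
    // 403 "link expired" page on failure. The nonce is bound to this user's session
    // and this action, so a page on another origin cannot have obtained one.
    check_admin_referer( 'acme_forms_delete_' . $form_id, '_acme_nonce' );
    if ( $form_id ) {
        wp_delete_post( $form_id, true );
    }
    wp_safe_redirect( admin_url( 'admin.php?page=acme-forms' ) );
    exit;
}
```

For handlers on admin-ajax.php the same shape applies with check_ajax_referer( $action, $query_arg ) in place of check_admin_referer(). Note that WordPress nonces are valid for up to 24 hours and are not single-use, so the nonce check must sit alongside, never instead of, the current_user_can() test.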
The operational impact goes beyond a single forged change. What an attacker can do is bounded by which administrative functions lack the check; for a forms plugin the plausible candidates are actions such as deleting forms, changing their configuration or how submissions are handled, and exporting collected data, each executed with the victim administrator's privileges and recorded, if at all, as that administrator's own action. The concern is sharpest where WordPress sites host forms for customer interactions, surveys or business processes: altered handling of submissions can expose the data they collect, and deleted or misconfigured forms interrupt the process that depends on them.
Mitigation starts with updating Kali Forms to a version that fixes the nonce handling; that is the only change that removes the flaw. Until then, and as defense in depth afterwards, review wp-admin activity for administrative actions the administrator did not initiate, and remind administrators not to browse untrusted sites while logged in to wp-admin (a separate browser profile used only for administration is a cheap control). The weakness is classified as CWE-352 (Cross-Site Request Forgery); VulDB relates it to ATT&CK technique T1213.002, under Data from Information Repositories, since exploitation yields access to form data and configuration. A web application firewall rule that rejects requests to admin-post.php and admin-ajax.php whose Origin or Referer names another site raises the bar, as does the SameSite attribute on the authentication cookies; but note that the Lax default modern browsers apply already withholds cookies from cross-site POSTs while still sending them on top-level GET navigations, which is exactly the "click this link" path in the summary. None of these substitute for nonce validation in the plugin's own handlers.
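One way to do the monitoring recommended above, as an added example rather than anything from Kali Forms or VulDB: a small must-use plugin that logs requests to the two admin action endpoints whose Origin or Referer does not match the site. The "acme_csrf_suspect" function and the log format are hypothetical; it blocks nothing and only gives an administrator something to look at.

```php
<?php
/**
 * Added example: log admin-post.php / admin-ajax.php requests that look cross-site.
 * Drop into wp-content/mu-plugins/. Detection only; the fix is the plugin's nonce check.
 */

/**
 * Return a reason string if the request looks like a cross-site submission to an
 * admin action endpoint, or null if it looks same-site. Pure function over a
 * $_SERVER-shaped array so it can be exercised outside WordPress.
 */
function acme_csrf_suspect( array $server, string $site_host ): ?string {
    $script = basename( $server['SCRIPT_NAME'] ?? '' );
    if ( ! in_array( $script, array( 'admin-post.php', 'admin-ajax.php' ), true ) ) {
        return null; // not an admin action endpoint
    }
    $site_host = strtolower( $site_host );
    $host_of   = static function ( string $url ): string {
        return strtolower( (string) parse_url( $url, PHP_URL_HOST ) );
    };

    if ( isset( $server['HTTP_ORIGIN'] ) ) {
        // Browsers send Origin on cross-site POSTs even when the attacker's page uses
        // Referrer-Policy: no-referrer. "Origin: null" (sandboxed frame, redirect) is foreign too.
        $origin_host = $host_of( $server['HTTP_ORIGIN'] );
        return $origin_host === $site_host ? null : 'origin-mismatch:' . ( $origin_host ?: 'null' );
    }
    if ( isset( $server['HTTP_REFERER'] ) ) {
        $ref_host = $host_of( $server['HTTP_REFERER'] );
        return $ref_host === $site_host ? null : 'referer-mismatch:' . ( $ref_host ?: 'empty' );
    }
    // Neither header: a top-level GET link from a no-referrer page, a typed URL, or a script.
    // Low confidence on its own, but it is the shape a "click this link" CSRF takes.
    return 'no-origin-or-referer';
}

if ( function_exists( 'add_action' ) ) { // only when loaded by WordPress
    // admin_init fires in both admin-post.php and admin-ajax.php before the action handler runs.
    add_action( 'admin_init', function () {
        $site_host = (string) wp_parse_url( home_url(), PHP_URL_HOST );
        $reason    = acme_csrf_suspect( $_SERVER, $site_host );
        if ( null !== $reason ) {
            error_log( sprintf(
                '[csrf-watch] user=%d action=%s reason=%s ip=%s',
                get_current_user_id(),
                sanitize_key( $_REQUEST['action'] ?? '' ),
                $reason,
                $_SERVER['REMOTE_ADDR'] ?? ''
            ) );
        }
    } );
}
```

The entries land in the PHP error log (or wp-content/debug.log when WP_DEBUG_LOG is on). A line with a non-zero user id, a plugin's action name and an origin-mismatch reason is the trace a successful CSRF against an unpatched handler would leave; on its own the no-origin-or-referer reason is noisy and is best reviewed only for actions that change state.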