Summary
Kali Forms for WordPress contains a critical unauthenticated remote code execution vulnerability (CVE-2026-3584) that is being exploited in the wild. Attackers can take full control of affected servers by sending malicious requests to the plugin's form processing function.
Take Action:
If you are using Kali Forms, this is urgent. Immediately update to version 2.4.10 to block active exploitation. If you cannot patch right away, disable the plugin.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)