Hackers Actively Exploiting 9.8 Critical RCE Flaw in Kali Forms WordPress Plugin
Ddos 
The attackers begin actively exploiting a critical vulnerability in Kali Forms, a popular drag-and-drop form builder WordPress plugin. With over 10,000 active installations, the plugin is a favorite for site owners looking to create everything from simple contact forms to complex payment gateways.The vulnerability, tracked as CVE-2026-3584, has been assigned a CVSS severity score of 9.8, signaling an “emergency” level of risk for affected websites.
The core of the issue lies within the plugin’s form_process function. Security researchers discovered a dangerous sequence of events where the prepare_post_data function maps user-supplied keys directly into internal placeholder storage.
Because these placeholders are later processed using call_user_func, the plugin essentially hands the steering wheel to any visitor on the internet.
“This makes it possible for unauthenticated attackers to execute code on the server.”
In simpler terms, an attacker doesn’t need a username, a password, or even a low-level “subscriber” account to take control. They can simply send a malicious request to the form, tricking the server into running their own commands.
This isn’t just a theoretical risk; the vulnerability is currently being exploited in the wild. Security firm Wordfence reported a significant surge in malicious activity targeting this specific flaw.
Wordfence blocked 2,370 attacks targeting this vulnerability in just the past 24 hours. Any site running Kali Forms version 2.4.9 or older is a potential target.
The developers behind Kali Forms have released a security update to address the flaw. If you manage a WordPress site, check your plugin list immediately.
Upgrade to version 2.4.10 or higher right away. Given that attackers are actively scanning for vulnerable sites, delaying this update could result in a full site takeover, data theft, or the installation of persistent malware on your server.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
