What is CVE-2026-3584 — RCE in Kali Forms Contact Form Builder?

CVE-2026-3584 is a critical Remote Code Execution vulnerability affecting Kali Forms WordPress plugins versions 0.0.0–2.4.9. It allows attackers to execute arbitrary code on the server.

Am I affected by CVE-2026-3584 in Kali Forms Contact Form Builder?

If you are using Kali Forms version 2.4.9 or earlier, you are affected by this vulnerability. Upgrade to version 2.4.10 or later immediately.

How do I fix CVE-2026-3584 in Kali Forms Contact Form Builder?

The fix is to upgrade the Kali Forms plugin to version 2.4.10 or later. If upgrading is not possible, temporarily disable the plugin.

Is CVE-2026-3584 being actively exploited?

While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation make it a likely target.

Where can I find the official Kali Forms advisory for CVE-2026-3584?

Refer to the Kali Forms official website and WordPress plugin repository for the latest advisory and update information.

CVE-2026-3584 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2026-3584 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• wordpress / composer / npm:

grep -r 'call_user_func' /var/www/html/wp-content/plugins/kali-forms/

• wordpress / composer / npm:

wp plugin list --status=all | grep 'kali-forms'

• wordpress / composer / npm:

wp plugin update kali-forms --all

• generic web: Check WordPress plugin directory for Kali Forms version 2.4.9 or earlier.

Kali Forms <= 2.4.9 - Ongeauthenticeerde Remote Code Execution via form_process

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpen

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2026-3584 — RCE in Kali Forms Contact Form Builder?

Am I affected by CVE-2026-3584 in Kali Forms Contact Form Builder?

How do I fix CVE-2026-3584 in Kali Forms Contact Form Builder?

Is CVE-2026-3584 being actively exploited?

Where can I find the official Kali Forms advisory for CVE-2026-3584?

Pakketinformatie

Is jouw project getroffen?

Detecteer deze CVE in je project