CVE CyberSecurity Database News

CVE-2023-46083 - Exploiting Missing Authorization in Kali Forms Contact Form Builder (Drag & Drop) – How Unauthorized Access is Possible (With Exploit Steps)

Poster -

---

Kali Forms is a popular WordPress plugin designed to help users easily build contact forms using a drag-and-drop interface. While the plugin empowers website owners with simple tools for fast form creation, it can also create security risks if not properly implemented. In the case of CVE-2023-46083, a critical missing authorization vulnerability was discovered that lets attackers bypass access controls in all versions through 2.3.27. This post explains the issue in simple terms, demonstrates exploitation, and provides references for remediation.

What Actually Is CVE-2023-46083?

CVE-2023-46083 is a Missing Authorization vulnerability in the “Contact Form Builder with Drag & Drop – Kali Forms” plugin. In basic language, this means the plugin fails to check if a user is allowed to perform certain actions or access certain data.

Affected Plugin: Contact Form builder with drag & drop – Kali Forms
Versions: All through 2.3.27
Vulnerability Type: Missing Authorization (Improper Access Controls)
Impact: Unauthorized users can access or modify sensitive form data and settings.

Perform other admin-level actions without permission

This can lead to data breaches or site compromise.

How Does the Exploit Work?

Kali Forms uses AJAX actions to let users add, delete, or retrieve form data. But in affected versions, these AJAX actions don’t always check if the requester has enough permission (like being logged in as admin). Anyone – even anonymous visitors – can call these actions directly.

Typical Vulnerable AJAX Endpoint Example:

// File: includes/class-kaliforms-ajax.php
add_action('wp_ajax_kaliforms_save_form', array($this, 'save_form'));
add_action('wp_ajax_nopriv_kaliforms_save_form', array($this, 'save_form')); // <-- Problem

Here, both logged-in and non-logged-in users can reach kaliforms_save_form.

Real Exploit Scenario

Let’s say you have a form at https://example.com/contact. An attacker only needs to send a POST request to the site’s AJAX endpoint with the right action and payload.

Exploit Script Example (using curl):

# This request saves (overwrites) a form without authorization!
curl -X POST https://example.com/wp-admin/admin-ajax.php \
  -d "action=kaliforms_save_form" \
  -d "form_id=1" \
  -d "form_data={\"title\":\"PWNED\",\"fields\":[]}"

What happens?
- The attacker overwrites form #1 with their own data, possibly deleting real fields or defacing your contact form.

You Can Automate Enumeration

Attackers can loop through form IDs and retrieve or modify all forms.

How To Test If You’re Vulnerable

You don’t need advanced tools – a simple browser or curl is enough.

1. Find your site's AJAX endpoint (/wp-admin/admin-ajax.php)

See if you can alter or fetch form data.

If you get form data or can make changes, your site is vulnerable!

References (Read More)

- WPScan Advisory: wpscan.com/vulnerability/67d6d239-b48-4af7-bff8-121ea71a09b4
- NVD – CVE-2023-46083
- Official Kali Forms plugin page

How To Fix

Update your plugin
Developers fixed this in version 2.3.28. If you use 2.3.27 or earlier, update immediately!

Summary

CVE-2023-46083 lets anyone overwrite or access your contact forms in Kali Forms through version 2.3.27. If you use Kali Forms on your WordPress website, update the plugin now to stay safe. A single missing permission check could let strangers break your forms – or worse.

Stay secure and keep your plugins current!

*Share this post with other WordPress users vulnerable to Kali Forms issues – and stay patched!*

Timeline

Published on: 01/02/2025 12:15:10 UTC