LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-3584

CVE-2026-3584 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 20, 2026

Kali Forms WordPress plugin - Remote Code Execution

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Kali Forms WordPress plugin <= 2.4.9 contains a remote code execution caused by unsafe user input handling in 'form_process' and 'prepare_post_data' functions, letting unauthenticated attackers execute code on the server, exploit requires no authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary code on the server, potentially leading to full system compromise.

Mitigation

Update to the latest version beyond 2.4.9.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸ”“ CVE-2026-3584 - Critical (9.8) The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into intern... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-3584/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸ”“ CVE-2026-3584 - Critical (9.8) The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into intern... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-3584/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸ”“ CVE-2026-3584 - Critical (9.8) The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into intern... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-3584/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸ”“ CVE-2026-3584 - Critical (9.8) The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into intern... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-3584/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-3584
Severity
Critical
CVSS Score
9.8
Type
command_injection
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days