{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T04:25:39.754","vulnerabilities":[{"cve":{"id":"CVE-2026-1860","sourceIdentifier":"security@wordfence.com","published":"2026-02-18T08:16:15.043","lastModified":"2026-06-17T10:16:37.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the `get_items_permissions_check()` permission callback on the `/kaliforms/v1/forms/{id}` REST API endpoint only checking for the `edit_posts` capability without verifying that the requesting user has ownership or authorization over the specific form resource. This makes it possible for authenticated attackers, with Contributor-level access and above, to read form configuration data belonging to other users (including administrators) by enumerating form IDs. Exposed data includes form field structures, Google reCAPTCHA secret keys (if configured), email notification templates, and server paths."},{"lang":"es","value":"El plugin Kali Forms para WordPress es vulnerable a Referencia Directa Insegura a Objeto en todas las versiones hasta la 2.4.8, inclusive. Esto se debe a que el callback de permisos 'get_items_permissions_check()' en el endpoint de la API REST '/kaliforms/v1/forms/{id}' solo verifica la capacidad 'edit_posts' sin verificar que el usuario solicitante tenga la propiedad o autorización sobre el recurso de formulario específico. Esto permite a atacantes autenticados, con acceso de nivel Colaborador o superior, leer datos de configuración de formularios pertenecientes a otros usuarios (incluidos los administradores) mediante la enumeración de IDs de formulario. Los datos expuestos incluyen estructuras de campos de formulario, claves secretas de Google reCAPTCHA (si están configuradas), plantillas de notificación por correo electrónico y rutas del servidor."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpchill","product":"Kali Forms — Contact Form & Drag-and-Drop Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.4.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-18T12:25:03.808659Z","id":"CVE-2026-1860","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L116","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L251","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kali-forms/tags/2.4.8/Inc/Backend/Rest/class-forms-rest-controller.php#L62","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3460047/kali-forms/trunk?contextall=1&old=3435823&old_path=%2Fkali-forms%2Ftrunk","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a1529c89-5c5e-4a2d-be31-b55d2907c9b6?source=cve","source":"security@wordfence.com"}]}}]}