Unauthorized Post Duplication in Kali Forms WordPress Plugin
CVE-2026-11580
Currently unrated
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 15 July 2026
Badges
πΎ Exploit Existsπ‘ Public PoC
What is CVE-2026-11580?
The Kali Forms β Contact Form & Drag-and-Drop Builder WordPress plugin prior to version 2.4.17 is susceptible to an insufficient access control vulnerability. This flaw allows users with Contributor-level access or higher to duplicate any post, circumventing ownership restrictions. As a result, these unauthorized users can create published posts containing sensitive metadata from other users' private posts, potentially exposing confidential information stored within the plugin.
Affected Version(s)
Kali Forms β Contact Form & Drag-and-Drop Builder 0 < 2.4.17
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.