PatchSiren cyber security CVE debrief
CVE-2026-15395 wpchill CVE debrief
The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'digitalSignature' Field Value in all versions up to, and including, 2.4.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability exists in the 'digitalSignature' field of the Kali Forms plugin, allowing unauthenticated attackers to inject malicious scripts. Users of Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress, version 2.4.18 or earlier, should be aware of this vulnerability and take immediate action to protect their applications.
- Vendor
- wpchill
- Product
- Kali Forms — Contact Form & Drag-and-Drop Builder
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress, version 2.4.18 or earlier, should be aware of this vulnerability and take immediate action to protect their applications. This includes updating the Kali Forms plugin to a version beyond 2.4.18, reviewing and sanitizing all user inputs, and implementing additional security measures to prevent cross-site scripting. Affected operators, platforms, and security teams should prioritize updating the plugin and review compensating controls for exposed systems.
Technical summary
The Kali Forms — Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'digitalSignature' Field Value in all versions up to, and including, 2.4.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The required form-submission nonce is publicly available on any page containing the form shortcode, making this exploitable without any precondition beyond the form being published. Affected product deployments should be confirmed in managed environments and assigned an owner for follow-up. The vulnerability exists in the 'digitalSignature' field of the Kali Forms plugin, allowing unauthenticated attackers to inject malicious scripts. Review compensating controls for exposed systems while remediation is scheduled and verified.
Defensive priority
High priority should be given to updating the Kali Forms plugin to a version that addresses this vulnerability. Review compensating controls for exposed systems while remediation is scheduled and verified. Track exceptions, retest remediated assets, and close the item only after evidence is documented. Implement additional security measures to prevent cross-site scripting, such as sanitizing all user inputs and monitoring for suspicious activity. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up. Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed. Check relevant monitoring, detection, and logs for exposed assets that need extra review. Rollback change windows and source tracking should be considered if necessary. Asset inventory and exposure review are also recommended to ensure all affected systems are accounted for and properly secured. Monitoring and detection capabilities should be reviewed to ensure they can detect potential exploitation attempts. Security teams should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. The required form-submission nonce is publicly available on any page containing the form shortcode, making this exploitable by fully unauthenticated attackers without any precondition beyond the form being published. Therefore, it is crucial to prioritize and expedite the remediation process to minimize potential damage. Additionally, consider implementing source tracking to monitor for potential exploitation attempts and asset inventory to ensure all affected systems are accounted for and properly secured. Compensating controls should be reviewed and implemented if necessary to prevent exploitation. It is essential to review and sanitize all user inputs to prevent cross-site scripting attacks. By taking these steps, organizations can minimize the risk associated with this vulnerability and protect their applications from potential exploitation. The Kali Forms plugin vulnerability is a high-severity issue that requires immediate attention and remediation. Therefore, it is a
Recommended defensive actions
- Update Kali Forms plugin to a version beyond 2.4.18
- Review and sanitize all user inputs
- Implement additional security measures to prevent cross-site scripting
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
Evidence from the CVE record and NVD detail indicates a high severity vulnerability with a CVSS score of 7.2. The vulnerability allows for arbitrary web script injection, posing a significant risk to affected applications. Affected product deployments should be confirmed in managed environments and assigned an owner for follow-up. The required form-submission nonce is publicly available on any page containing the form shortcode, making this exploitable by fully unauthenticated attackers without any precondition beyond the form being published. Defenders should verify the presence of Kali Forms plugin version 2.4.18 or earlier and review compensating controls for exposed systems.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T04:16:50.840Z and has not been modified since.