← Back to Blog

Remote Code Execution

Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin

Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin

If your website runs the Kali Forms plugin, you need to stop and read this. On 2nd March 2026, a Remote Code Execution vulnerability was reported through Wordfence’s Bug Bounty Programme in Kali Forms, a plugin with more than 10,000 active installations. This is not a theoretical risk sitting in a researcher’s report. Attackers are

Security Hardening

/

Tuesday, 14th April, 2026

Let's talk WordPress!

Whether you need a new site, improvements to your existing one, or technical support, I'm here to help. The quickest way to reach me is through this form - just tell me about your project and I'll get back to you promptly. Alternatively, you can call me on (01501) 404234 or email me at contact@wpguy.uk.


    Partners

    I've worked with

     
    NHS Scotland
    GE Capital
    Fujitsu
    Openreach
    Nalanda
    Vitality-Pro