WordPress Plugin Vulnerability

Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin

If your website runs the Kali Forms plugin, you need to stop and read this. On 2nd March 2026, a Remote Code Execution vulnerability was reported through Wordfence’s Bug Bounty Programme in Kali Forms, a plugin with more than 10,000 active installations. This is not a theoretical risk sitting in a researcher’s report. Attackers are