CVE-2023-46083: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in the Kali Forms Contact Form builder with drag & drop WordPress plugin, tracked as CVE-2023-46083. The vulnerability affects versions up to and including 2.3.27, and was discovered by Revan Arifio. The issue was publicly disclosed on October 16, 2023, and allows unauthorized users to exploit incorrectly configured access control security levels (Patchstack, WPScan).

The vulnerability stems from a missing check in the runformprocesschecks function, which enables unauthenticated attackers to submit forms even when they are not currently published. The vulnerability has been assigned a CVSS v3.1 score of 5.3 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. It is classified under CWE-862 (Missing Authorization) and falls under the OWASP Top 10 category A5: Broken Access Control ([Patchstack](https://patchstack.com/database/wordpress/plugin/kali-forms/vulnerability/wordpress-kali-forms-plugin-2-3-27-broken-access-control-vulnerability?s_id=cve), WPScan).

The vulnerability allows unauthorized users to bypass access controls and submit forms that are not published, potentially leading to unauthorized data modification. The severity is considered medium due to its limited impact on system integrity (Patchstack).

The vulnerability has been patched in version 2.3.28 of the Kali Forms plugin. Users are advised to update to this version or later to remediate the security issue. The patch priority is considered low, and Patchstack users can enable auto-update for vulnerable plugins (Patchstack).