A vulnerability was found in Kali Forms Plugin up to 2.4.16 on WordPress. It has been declared as critical. This issue affects some unknown processing. Such manipulation of the argument file-upload leads to unrestricted upload.
This vulnerability is documented as CVE-2026-11579. The attack can be executed remotely. There is not any exploit available.