Product
The Kali Forms - Contact Form & Drag-and-Drop Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'digitalSignature' field in versions up to and including 2.4.18, allowing unauthenticated attackers to inject arbitrary web scripts that execute when a user accesses an affected page.