132 matches found
CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action...
CVE-2025-3471
CVE-2025-3471 concerns the SureForms WordPress plugin, prior to version 1.4.4. The root cause is an insufficient authorisation check when updating plugin settings via the REST API, potentially allowing a user with Contributor or higher privileges to perform settings updates. Public details across...
PT-2025-18233 · WordPress · Sureforms
Name of the Vulnerable Software and Affected Versions: SureForms WordPress plugin versions prior to 1.4.4 Description: The issue concerns a lack of proper authorization checks when updating settings via the REST API, potentially allowing Contributor and above roles to perform such actions...
WordPress plugin SureForms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-12713
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
CVE-2024-12713
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
CVE-2024-12713
CVE-2024-12713 affects the SureForms – Drag and Drop Form Builder for WordPress plugin. It exposes information via handle_export_form() due to a missing capability check, allowing unauthenticated export of data from password‑protected, private, or draft posts. Impact is information exposure (per ...
WordPress plugin SureForms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-1935 · WordPress · Sureforms
Name of the Vulnerable Software and Affected Versions: SureForms – Drag and Drop Form Builder for WordPress versions up to, and including, 1.2.2 Description: The issue concerns a missing capability check in the handle export form function, allowing unauthenticated attackers to export data from...
WordPress SureForms plugin <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability
Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability discovered by Lucio Sá in WordPress Plugin SureForms versions = 1.2.2...