Lucene search
K

132 matches found

Cvelist
Cvelist
added 2025/04/30 6:0 a.m.26 views

CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update

The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action...

0.0029EPSS
Exploits1References1
CVE
CVE
added 2025/04/30 6:0 a.m.66 views

CVE-2025-3471

CVE-2025-3471 concerns the SureForms WordPress plugin, prior to version 1.4.4. The root cause is an insufficient authorisation check when updating plugin settings via the REST API, potentially allowing a user with Contributor or higher privileges to perform settings updates. Public details across...

4.9CVSS6.8AI score0.0029EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/30 12:0 a.m.5 views

PT-2025-18233 · WordPress · Sureforms

Name of the Vulnerable Software and Affected Versions: SureForms WordPress plugin versions prior to 1.4.4 Description: The issue concerns a lack of proper authorization checks when updating settings via the REST API, potentially allowing Contributor and above roles to perform such actions...

4.9CVSS6.1AI score0.0029EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/04/30 12:0 a.m.6 views

WordPress plugin SureForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.9CVSS6.2AI score0.0029EPSS
Exploits1References1
OSV
OSV
added 2025/01/08 4:15 a.m.5 views

CVE-2024-12713

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...

5.3CVSS7.3AI score0.00331EPSS
Exploits0References2
NVD
NVD
added 2025/01/08 4:15 a.m.15 views

CVE-2024-12713

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...

5.3CVSS0.00331EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/08 3:18 a.m.5 views

CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...

5.3CVSS6.9AI score0.00331EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/08 3:18 a.m.12 views

CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...

5.3CVSS0.00331EPSS
Exploits0References2
CVE
CVE
added 2025/01/08 3:18 a.m.52 views

CVE-2024-12713

CVE-2024-12713 affects the SureForms – Drag and Drop Form Builder for WordPress plugin. It exposes information via handle_export_form() due to a missing capability check, allowing unauthenticated export of data from password‑protected, private, or draft posts. Impact is information exposure (per ...

5.3CVSS5.3AI score0.00331EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/01/08 12:0 a.m.4 views

WordPress plugin SureForms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS7.8AI score0.00331EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.6 views

PT-2025-1935 · WordPress · Sureforms

Name of the Vulnerable Software and Affected Versions: SureForms – Drag and Drop Form Builder for WordPress versions up to, and including, 1.2.2 Description: The issue concerns a missing capability check in the handle export form function, allowing unauthenticated attackers to export data from...

5.3CVSS9.4AI score0.00331EPSS
Exploits0References9
Patchstack
Patchstack
added 2025/01/07 6:48 p.m.5 views

WordPress SureForms plugin <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability

Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability discovered by Lucio Sá in WordPress Plugin SureForms versions = 1.2.2...

5.3CVSS7AI score0.00331EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder