5 matches found
WordPress SureForms Plugin Multiple Vulnerabilities (Jul 2025)
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:brainstormforce:sureforms"; if description...
CVE-2025-6691
creationtimestamp| type| source ---|---|--- 2025-07-09 08:24:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltjfbxqifc27 2025-07-11 15:53:46+00:00| seen| https://bsky.app/profile/thedailytechfeed.com/post/3ltp7cb7vzk2k...
CVE-2025-6691
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteentryfiles function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to...
CVE-2025-6691
CVE-2025-6691 affects the WordPress plugin SureForms – Drag and Drop Form Builder (Brainstorm Force) up to version 1.7.3. The vulnerability arises from insufficient file path validation in the delete_entry_files() function, enabling unauthenticated attackers to delete arbitrary files on the serve...
WordPress SureForms Plugin <= 1.7.3 is vulnerable to Arbitrary File Deletion
Software SureForms Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2025-6691 Patch priority High CVSS severity High 8.1 Developer Brainstorm Force PSID d93b2c396300 Credits Phat RiO - BlueRock Required privilege...