2 matches found
CVE-2025-12536 SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...
PT-2025-46779
Name of the Vulnerable Software and Affected Versions SureForms plugin for WordPress versions prior to 1.14.0 Description The SureForms plugin for WordPress is susceptible to sensitive information disclosure in versions up to and including 1.13.1. This is a result of the auth callback parameter...