CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

CVE-2025-12535

CVE-2025-12535 (SureForms

WordPress SureForms plugin <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability

Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability discovered by type5afe in WordPress Plugin SureForms versions = 1.13.1...