3 matches found
WordPress SureForms plugin information disclosure vulnerability
WordPress SureForms plugin is a visual form builder plugin designed for WordPress , support drag and drop operation , no programming foundation to quickly build responsive forms . An information disclosure vulnerability exists in the WordPress SureForms plugin, which stems from improper access...
CVE-2025-10732
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...
CVE-2025-10732
The CVE concerns the WordPress plugin SureForms – Drag and Drop Form Builder for WordPress. Affected versions: all up to 1.12.1. Root cause: improper access control on the REST endpoint /wp-json/sureforms/v1/srfm-global-settings, allowing authenticated users with contributor-level access and abov...