132 matches found
CVE-2026-42377
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
SureForms <= 1.13.1 - Sensitive Information Exposure
SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...
CVE-2026-42377
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
EUVD-2026-26194
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
CVE-2026-42377
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
CVE-2026-42377
The CVE-2026-42377 entry documents a Missing Authorization/Broken Access Control issue in Brainstorm Force SureForms Pro (affecting versions up to and including 2.8.0). The vulnerability arises from incorrectly configured access control security levels, allowing unauthorized actions as described ...
CVE-2026-42377 WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
CVE-2026-42377 WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
WordPress Plugin SureForms Pro 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-35869
Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...
WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SureForms Pro versions = 2.8.0...
WordPress SureForms plugin <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability
Unauthenticated Payment Amount Validation Bypass via 'formid' vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin SureForms versions = 2.5.2...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
EUVD-2026-16905
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The CVE affects the SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress (all versions up to 2.5.2). The root cause is that create_payment_intent() validates the payment amount using a user-controlled parameter, enabling unauthenticated attackers to bypass confi...
WordPress plugin SureForms 输入验证错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...