Lucene search
K

75 matches found

CVE
CVE
added 2 hours ago5 views

CVE-2026-11567

CVE-2026-11567 affects the SureForms WordPress plugin prior to 2.11.1. The vulnerability is a failure to properly validate the payment amount on forms that use a dynamically sourced (variable/hidden) payment amount, enabling unauthenticated users to underpay for the configured product or subscrip...

6.1AI score
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42797

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15288 SureForms – Drag and Drop Form Builder for WordPress <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/29 5:10 a.m.8 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/28 3:31 a.m.6 views

EUVD-2026-16905

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/03/28 2:16 a.m.6 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/28 1:25 a.m.3 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/01/26 8:28 a.m.193 views

Exploit for CVE-2025-14855

CVE-2025-14855: SureForms WordPress Plugin Stored XSS Proof of...

7.2CVSS5.9AI score0.00312EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/12/22 8:17 a.m.12 views

CVE-2025-14855

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS5.2AI score0.00312EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/12/21 7:31 a.m.8 views

CVE-2025-14855 SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

7.2CVSS4.9AI score0.00312EPSS
Exploits2References3
CVE
CVE
added 2025/12/21 7:31 a.m.36 views

CVE-2025-14855

Vulnerability: WordPress SureForms plugin

7.2CVSS4.9AI score0.00312EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/21 12:0 a.m.10 views

PT-2025-52587

Name of the Vulnerable Software and Affected Versions SureForms versions prior to 2.2.0 Description The SureForms plugin for WordPress is susceptible to Stored Cross-Site Scripting through the form field parameters. Insufficient input sanitization and output escaping allow unauthenticated attacke...

7.2CVSS5.5AI score0.00312EPSS
Exploits2References10
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.13 views

CVE-2025-12535

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

5.3CVSS6.2AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2025/11/19 7:15 a.m.11 views

CVE-2025-12535

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

5.3CVSS0.00185EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/19 6:45 a.m.9 views

CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

5.3CVSS5.8AI score0.00185EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.12 views

PT-2025-47442

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wp rest to unauthenticated users via the 'wp ajax nopriv rest-nonce' action. While the plugi...

5.3CVSS6.2AI score0.00185EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/18 11:42 p.m.10 views

WordPress SureForms plugin <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability

Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability discovered by type5afe in WordPress Plugin SureForms versions = 1.13.1...

5.3CVSS7AI score0.00185EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/11/13 4:15 a.m.4 views

CVE-2025-12536

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...

5.3CVSS0.00809EPSS
Exploits0References3
CVE
CVE
added 2025/11/13 3:27 a.m.20 views

CVE-2025-12536

CVE-2025-12536 affects WordPress SureForms plugin up to version 1.13.1. The issue is missing authorization on the _srfm_email_notification post meta, where the auth_callback was set to __return_true, allowing unauthenticated access to sensitive metadata (e.g., email notification configurations, C...

5.3CVSS5.7AI score0.00809EPSS
Exploits0References3
Rows per page
Query Builder