71 matches found
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
EUVD-2026-16905
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
Exploit for CVE-2025-14855
CVE-2025-14855: SureForms WordPress Plugin Stored XSS Proof of...
CVE-2025-14855
The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2025-14855 SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting
The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2025-14855
Vulnerability: WordPress SureForms plugin
PT-2025-52587
Name of the Vulnerable Software and Affected Versions SureForms versions prior to 2.2.0 Description The SureForms plugin for WordPress is susceptible to Stored Cross-Site Scripting through the form field parameters. Insufficient input sanitization and output escaping allow unauthenticated attacke...
CVE-2025-12535
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...
CVE-2025-12535
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...
CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...
PT-2025-47442
The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wp rest to unauthenticated users via the 'wp ajax nopriv rest-nonce' action. While the plugi...
WordPress SureForms plugin <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability
Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability discovered by type5afe in WordPress Plugin SureForms versions = 1.13.1...
CVE-2025-12536
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...
CVE-2025-12536
CVE-2025-12536 affects WordPress SureForms plugin up to version 1.13.1. The issue is missing authorization on the _srfm_email_notification post meta, where the auth_callback was set to __return_true, allowing unauthenticated access to sensitive metadata (e.g., email notification configurations, C...
WordPress plugin SureForms 安全漏洞
WordPress SureForms plugin is a drag-and-drop form builder plugin designed for WordPress, supporting the creation of multi-step forms, dialog forms and other complex features, no programming can quickly build forms. WordPress SureForms plugin suffers from an information disclosure vulnerability...
PT-2025-46779
Name of the Vulnerable Software and Affected Versions SureForms plugin for WordPress versions prior to 1.14.0 Description The SureForms plugin for WordPress is susceptible to sensitive information disclosure in versions up to and including 1.13.1. This is a result of the auth callback parameter...
CVE-2025-10732
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...
CVE-2025-10732
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...