71 matches found
CVE-2025-3513
CVE-2025-3513 affects the SureForms WordPress plugin prior to 1.4.4. The vulnerability is a Stored XSS resulting from insufficient sanitization/escaping of form settings, enabling high-privilege users (e.g., admins) to inject scripts, including in multisite contexts where unfiltered_html is disal...
PT-2025-18764 · WordPress · Sureforms
Name of the Vulnerable Software and Affected Versions: SureForms WordPress plugin versions prior to 1.4.4 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for...
WordPress plugin SureForms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-3471
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action...
CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action...
CVE-2025-3471 SureForms < 1.4.4 - Contributor+ Settings Update
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action...
CVE-2024-12713
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
CVE-2024-12713
CVE-2024-12713 affects the SureForms – Drag and Drop Form Builder for WordPress plugin. It exposes information via handle_export_form() due to a missing capability check, allowing unauthenticated export of data from password‑protected, private, or draft posts. Impact is information exposure (per ...
CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
WordPress plugin SureForms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...