WordPress SureForms - Drag and Drop Form Builder for WordPress plugin <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability

WordPress SureForms - Drag and Drop Form Builder for WordPress plugin = 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability discovered by andrea bocchetti in WordPress Plugin SureForms versions = 2.2.1...

Exploit for CVE-2025-14855

CVE-2025-14855: SureForms WordPress Plugin Stored XSS Proof of...

📄 WordPress SureForms 2.2.0 Cross Site Scripting

WordPress SureForms plugin versions 2.2.0 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-14855: SureForms WordPress Plugin Stored XSS Proof of Concept - Target: WordPress Plugin "SureForms" - Plugin Wordpress: https://wordpress.org/plugins/sureforms/ - Vulnerabili...

WordPress SureForms plugin <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tiến Dũng Nguyễn in WordPress Plugin SureForms versions = 2.2.0...

WordPress SureForms plugin < 1.4.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions 1.4.4...

CVE-2025-14855

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2025-14855 SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2025-14855 SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVE-2025-14855

Vulnerability: WordPress SureForms plugin

WordPress plugin SureForms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-52587

Name of the Vulnerable Software and Affected Versions SureForms versions prior to 2.2.0 Description The SureForms plugin for WordPress is susceptible to Stored Cross-Site Scripting through the form field parameters. Insufficient input sanitization and output escaping allow unauthenticated attacke...

CVE-2025-12535

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

CVE-2025-12535

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

CVE-2025-12535 SureForms <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wprest to unauthenticated users via the 'wpajaxnoprivrest-nonce' action. While the plugin...

WordPress plugin SureForms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

PT-2025-47442

The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin distributing generic WordPress REST API nonces wp rest to unauthenticated users via the 'wp ajax nopriv rest-nonce' action. While the plugi...

WordPress SureForms plugin <= 1.13.1 - Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability

Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability discovered by type5afe in WordPress Plugin SureForms versions = 1.13.1...

WordPress SureForms plugin information disclosure vulnerability

WordPress SureForms plugin is a drag-and-drop form builder plugin designed for WordPress, supporting the creation of multi-step forms, dialog forms and other complex features, no programming can quickly build forms. WordPress SureForms plugin suffers from an information disclosure vulnerability...

CVE-2025-12536

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...