132 matches found
WordPress SureForms plugin < 1.9.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin SureForms versions < 1.9.1...
CVE-2025-8282
The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputting them in the page, which could allow admin and above users to perform Cross-Site Scripting attacks...
CVE-2025-8282
CVE-2025-8282 affects the SureForms WordPress plugin prior to 1.9.1. The issue is an input sanitization/escaping flaw in parameters output on pages, enabling stored Cross‑Site Scripting (XSS) for admin and higher-privilege users. Impact: admin users could inject malicious scripts into pages ren...
CVE-2025-8282 SureForms < 1.9.1 - Admin+ Stored XSS
The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputting them in the page, which could allow admin and above users to perform Cross-Site Scripting attacks...
CVE-2025-8282 SureForms < 1.9.1 - Admin+ Stored XSS
The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputting them in the page, which could allow admin and above users to perform Cross-Site Scripting attacks...
PT-2025-39146
Name of the Vulnerable Software and Affected Versions: SureForms WordPress plugin versions prior to 1.9.1. Description: The SureForms WordPress plugin does not properly sanitize and escape parameters when displaying them on a page. This could allow administrators and users with higher privileges to...
WordPress plugin SureForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
CVE-2025-10489
The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the register_post_types function in all versions up to, and including, 1.12.0. This makes it...
CVE-2025-10489
The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the register_post_types function in all versions up to, and including, 1.12.0. This makes it...
CVE-2025-10489 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation
The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the register_post_types function in all versions up to, and including, 1.12.0. This makes it...
CVE-2025-10489 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation
The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the register_post_types function in all versions up to, and including, 1.12.0. This makes it...
CVE-2025-10489
CVE-2025-10489 SureForms (WordPress) — Vulnerable to unauthorized form creation due to a missing capability check in register_post_types() for all versions up to 1.12.0. Authenticated attackers with Contributor-level access and above can create forms even when the UI blocks it. Impact per availab...
WordPress SureForms – Drag and Drop Form Builder for WordPress plugin <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form Creation vulnerability
Missing Authorization to Authenticated Contributor+ Form Creation vulnerability discovered by Alex in WordPress Plugin SureForms versions <= 1.12.0...
WordPress plugin SureForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress SureForms plugin cross-site scripting vulnerability
The WordPress SureForms plugin is a visual form builder plugin for WordPress that supports drag-and-drop operation, so users without programming experience can quickly build responsive forms. The WordPress SureForms plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective...
CVE-2025-5921
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users...
CVE-2025-5921
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users...
CVE-2025-5921 SureForms < 1.7.2 - Reflected XSS
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users...
CVE-2025-5921 SureForms < 1.7.2 - Reflected XSS
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users...
CVE-2025-5921
CVE-2025-5921 affects the SureForms WordPress plugin prior to version 1.7.2. The vulnerability is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of a parameter before output, potentially exploitable against both authenticated and unauthenticated users. Remediation: ...