Brainstormforce Sureforms

7 matches found

CVE
added 2025/05/02 6:0 a.m. | 63 views

CVE-2025-3513

CVE-2025-3513 affects the SureForms WordPress plugin prior to 1.4.4. The vulnerability is a Stored XSS resulting from insufficient sanitization/escaping of form settings, enabling high-privilege users (e.g., admins) to inject scripts, including in multisite contexts where unfiltered_html is disal...

CVSS 3.5 | AI score 5.4 | EPSS 0.00274
CVE
added 2025/04/30 6:0 a.m. | 62 views

CVE-2025-3471

CVE-2025-3471 concerns the SureForms WordPress plugin, prior to version 1.4.4. The root cause is an insufficient authorisation check when updating plugin settings via the REST API, potentially allowing a user with Contributor or higher privileges to perform settings updates. Public details across...

CVSS 4.9 | AI score 6.8 | EPSS 0.0029
CVE
added 2025/05/02 6:0 a.m. | 55 views

CVE-2025-3514

Summary (CVE-2025-3514): The SureForms WordPress plugin is affected (versions before 1.4.4). The issue stems from insufficient sanitization/escaping of certain Form settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as on multisite)...

CVSS 3.5 | AI score 5.7 | EPSS 0.00219
CVE
added 2025/01/08 3:18 a.m. | 46 views

CVE-2024-12713

CVE-2024-12713 affects the SureForms – Drag and Drop Form Builder for WordPress plugin. It exposes information via handle_export_form() due to a missing capability check, allowing unauthenticated export of data from password‑protected, private, or draft posts. Impact is information exposure (per ...

CVSS 5.3 | AI score 5.3 | EPSS 0.00331
CVE
added 2025/07/09 5:23 a.m. | 40 views

CVE-2025-6691

CVE-2025-6691 affects the WordPress plugin SureForms – Drag and Drop Form Builder (Brainstorm Force) up to version 1.7.3. The vulnerability arises from insufficient file path validation in the delete_entry_files() function, enabling unauthenticated attackers to delete arbitrary files on the serve...

CVSS 8.1 | AI score 7.6 | EPSS 0.00984
CVE
added 2025/07/09 5:23 a.m. | 38 views

CVE-2025-6742

CVE-2025-6742 affects the WordPress plugin SureForms – Drag and Drop Form Builder for WordPress up to version 1.7.3. The root cause is use of file_exists() in delete_entry_files() with no path restriction, enabling unauthenticated PHP Object Injection. The report notes that no known POP c...

CVSS 7.5 | AI score 7.1 | EPSS 0.00465
CVE
added 2025/08/01 6:0 a.m. | 30 views

CVE-2025-5921

CVE-2025-5921 affects the SureForms WordPress plugin prior to version 1.7.2. The vulnerability is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of a parameter before output, potentially exploitable against both authenticated and unauthenticated users. Remediation: ...

CVSS 5.8 | AI score 5.9 | EPSS 0.00167