Vulnerability in Brainstormforce Sureforms
CVE-2025-3471
The SureForms WordPress plugin before 1.4.4 does not perform a proper authorisation check when updating its settings via the REST API, which could allow users with the Contributor role and above to perform such an action.
EPSS: 0.003 (20.6th percentile).
CVSS v3 metric
CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Brainstormforce Sureforms
- Unknown Sureforms — versions 0
References
- contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)
Frequently asked questions
- What is CVE-2025-3471?
  CVE-2025-3471 is a medium-severity vulnerability in Brainstormforce Sureforms, classified under CWE-863 (Incorrect Authorization). CVSS score: 4.9/10. Published 2025-04-30.
- How severe is CVE-2025-3471?
  Medium severity. CVSS v3 base score is 4.9 out of 10.