Vulnerability in Brainstormforce Sureforms

CVE-2025-3471

The SureForms WordPress plugin before 1.4.4 does not perform a proper authorisation check when its settings are updated via the REST API, which could allow users with the Contributor role and above to perform that action.

EPSS: 0.003 (20.6th percentile).

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N.

Affected products

References

  • contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)

Frequently asked questions

What is CVE-2025-3471?

CVE-2025-3471 is a medium-severity vulnerability in Brainstormforce Sureforms, classified under CWE-863 (Incorrect Authorization). CVSS score: 4.9/10. Published 2025-04-30.

How severe is CVE-2025-3471?

Medium severity. CVSS v3 base score is 4.9 out of 10.