Brainstormforce Sureforms

7 CVEs affecting Brainstormforce Sureforms. Latest disclosed: 2025-08-01. Critical: 0, High: 2.

Top CVEs affecting Brainstormforce Sureforms
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-6691 | High | 8.1 | 2025-07-09 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation… |
| CVE-2025-6742 | High | 7.5 | 2025-07-09 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3… |
| CVE-2025-5921 | Medium | 5.8 | 2025-08-01 | The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site… |
| CVE-2024-12713 | Medium | 5.3 | 2025-01-08 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2… |
| CVE-2025-3471 | Medium | 4.9 | 2025-04-30 | The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributo… |
| CVE-2025-3514 | Low | 3.5 | 2025-05-02 | The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to pe… |
| CVE-2025-3513 | Low | 3.5 | 2025-05-02 | The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to pe… |