Brainstormforce Sureforms
7 CVEs affecting Brainstormforce Sureforms. Latest disclosed: 2025-08-01. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-6691 | High | 8.1 | 2025-07-09 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation… |
| CVE-2025-6742 | High | 7.5 | 2025-07-09 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3… |
| CVE-2025-5921 | Medium | 5.8 | 2025-08-01 | The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site… |
| CVE-2024-12713 | Medium | 5.3 | 2025-01-08 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2… |
| CVE-2025-3471 | Medium | 4.9 | 2025-04-30 | The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributo… |
| CVE-2025-3514 | Low | 3.5 | 2025-05-02 | The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to pe… |
| CVE-2025-3513 | Low | 3.5 | 2025-05-02 | The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to pe… |