Brainstormforce Sureforms – Contact Form, Payment Form & Other Custom Form Builder
7 CVEs affecting Brainstormforce Sureforms – Contact Form, Payment Form & Other Custom Form Builder. Latest disclosed: 2026-03-28. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4987 | High | 7.5 | 2026-03-28 | The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and i… |
CVE-2025-14855 | High | 7.2 | 2025-12-21 | The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due t… |
CVE-2025-12535 | Medium | 5.3 | 2025-11-19 | The SureForms plugin for WordPress is vulnerable to Cross-Site Request Forgery Bypass in all versions up to, and including, 1.13.1. This is due to the plugin d… |
CVE-2025-12536 | Medium | 5.3 | 2025-11-13 | The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notificati… |
CVE-2024-12713 | Medium | 5.3 | 2025-01-08 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2… |
CVE-2025-10732 | Medium | 4.3 | 2025-10-14 | The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and incl… |
CVE-2025-10489 | Medium | 4.3 | 2025-09-20 | The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creatio… |