Vulnerabilities related to brainstormforce - sureforms
CVE-2025-3514 (GCVE-0-2025-3514)
Vulnerability from cvelistv5
Published
2025-05-02 06:00
Modified
2025-05-02 14:43
Summary
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
https://wpscan.com/vulnerability/fc3da503-a973-44d8-82d0-13539501f8c0/ (tags: exploit, vdb-entry, technical-description)
Impacted products
Vendor Product Version
Unknown SureForms Version: 0 < 1.4.4


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.5,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-3514",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T14:42:28.240813Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T14:43:02.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SureForms",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dmitrii Ignatyev"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SureForms  WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-02T06:00:02.905Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/fc3da503-a973-44d8-82d0-13539501f8c0/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SureForms \u003c 1.4.4 - Admin+ Stored XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2025-3514",
    "datePublished": "2025-05-02T06:00:02.905Z",
    "dateReserved": "2025-04-11T08:57:17.671Z",
    "dateUpdated": "2025-05-02T14:43:02.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12713 (GCVE-0-2024-12713)
Vulnerability from cvelistv5
Published
2025-01-08 03:18
Modified
2025-01-08 15:27
CWE
  • CWE-862 - Missing Authorization
Summary
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to.


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-08T15:27:01.299350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-08T15:27:43.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SureForms \u2013 Drag and Drop Form Builder for WordPress",
          "vendor": "brainstormforce",
          "versions": [
            {
              "lessThanOrEqual": "1.2.2",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lucio S\u00e1"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-08T03:18:10.248Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/412d5fa7-08fc-402a-bcac-b2dff87de861?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3215338/sureforms/tags/1.2.3/inc/export.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-07T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "SureForms \u2013 Drag and Drop Form Builder for WordPress \u003c= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-12713",
    "datePublished": "2025-01-08T03:18:10.248Z",
    "dateReserved": "2024-12-17T16:22:11.202Z",
    "dateUpdated": "2025-01-08T15:27:43.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3513 (GCVE-0-2025-3513)
Vulnerability from cvelistv5
Published
2025-05-02 06:00
Modified
2025-05-02 15:46
Summary
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
https://wpscan.com/vulnerability/dd7e0bb3-4a98-4f62-bd2e-f30b27d71226/ (tags: exploit, vdb-entry, technical-description)
Impacted products
Vendor Product Version
Unknown SureForms Version: 0 < 1.4.4


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.5,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-3513",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T15:46:13.723384Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T15:46:27.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SureForms",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dmitrii Ignatyev"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SureForms  WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-02T06:00:02.187Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/dd7e0bb3-4a98-4f62-bd2e-f30b27d71226/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SureForms \u003c 1.4.4 - Admin+ Stored XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2025-3513",
    "datePublished": "2025-05-02T06:00:02.187Z",
    "dateReserved": "2025-04-11T08:57:15.421Z",
    "dateUpdated": "2025-05-02T15:46:27.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3471 (GCVE-0-2025-3471)
Vulnerability from cvelistv5
Published
2025-04-30 06:00
Modified
2025-04-30 17:28
Summary
The SureForms WordPress plugin before 1.4.4 does not have a proper authorisation check when updating its settings via the REST API, which could allow users with the Contributor role and above to update the plugin's settings.
References
https://wpscan.com/vulnerability/aa21dd2b-1277-4cf9-b7f6-d4f8a6d518c1/ (tags: exploit, vdb-entry, technical-description)
Impacted products
Vendor Product Version
Unknown SureForms Version: 0 < 1.4.4


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-3471",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T17:27:54.229730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T17:28:20.699Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SureForms",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.4.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dmitrii Ignatyev"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SureForms  WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T06:00:04.092Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/aa21dd2b-1277-4cf9-b7f6-d4f8a6d518c1/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SureForms \u003c 1.4.4 - Contributor+ Settings Update",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2025-3471",
    "datePublished": "2025-04-30T06:00:04.092Z",
    "dateReserved": "2025-04-09T14:55:58.875Z",
    "dateUpdated": "2025-04-30T17:28:20.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-5921 (GCVE-0-2025-5921)
Vulnerability from cvelistv5
Published
2025-08-01 06:00
Modified
2025-08-01 13:39
Summary
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.
References
https://wpscan.com/vulnerability/052fb6cf-274e-468b-a7e0-0e7a1751ec75/ (tags: exploit, vdb-entry, technical-description)
Impacted products
Vendor Product Version
Unknown SureForms Version: 0 < 1.7.2


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-5921",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T13:39:32.271389Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-01T13:39:38.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SureForms",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dmitrii Ignatyev"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SureForms  WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-01T06:00:02.201Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/052fb6cf-274e-468b-a7e0-0e7a1751ec75/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SureForms \u003c 1.7.2 - Reflected XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2025-5921",
    "datePublished": "2025-08-01T06:00:02.201Z",
    "dateReserved": "2025-06-09T13:48:38.281Z",
    "dateUpdated": "2025-08-01T13:39:38.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6742 (GCVE-0-2025-6742)
Vulnerability from cvelistv5
Published
2025-07-09 05:23
Modified
2025-07-09 14:14
CWE
  • CWE-502 - Deserialization of Untrusted Data
Summary
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. The record's title notes that the injection is triggered when an administrator deletes a form submission, which is consistent with the user-interaction requirement (UI:R) in its CVSS vector.
Impacted products
Vendor Product Version
brainstormforce SureForms – Drag and Drop Form Builder for WordPress Version: 0.0 ≤ 0.0.13
Version: 1.0 ≤ 1.0.6
Version: 1.1 ≤ 1.1.1
Version: 1.2 ≤ 1.2.4
Version: 1.3 ≤ 1.3.1
Version: 1.4 ≤ 1.4.4
Version: 1.5
Version: 1.6 ≤ 1.6.4
Version: 1.7 ≤ 1.7.3


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6742",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-09T14:14:18.936885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-09T14:14:31.730Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SureForms \u2013 Drag and Drop Form Builder for WordPress",
          "vendor": "brainstormforce",
          "versions": [
            {
              "lessThanOrEqual": "0.0.13",
              "status": "affected",
              "version": "0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.6",
              "status": "affected",
              "version": "1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.1",
              "status": "affected",
              "version": "1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.4",
              "status": "affected",
              "version": "1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.4.4",
              "status": "affected",
              "version": "1.4",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.5"
            },
            {
              "lessThanOrEqual": "1.6.4",
              "status": "affected",
              "version": "1.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.7.3",
              "status": "affected",
              "version": "1.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nguyen Tan Phat"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-09T05:23:39.316Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1de12d1c-5ac4-4f80-b33d-a689a6916ee0?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/sureforms/"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3319753%40sureforms\u0026new=3319753%40sureforms\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-02T06:40:25.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-07-08T17:20:32.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "SureForms \u2013 Drag and Drop Form Builder for WordPress \u003c= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-6742",
    "datePublished": "2025-07-09T05:23:39.316Z",
    "dateReserved": "2025-06-26T17:52:32.918Z",
    "dateUpdated": "2025-07-09T14:14:31.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-6691 (GCVE-0-2025-6691)
Vulnerability from cvelistv5
Published
2025-07-09 05:23
Modified
2025-07-09 14:13
CWE
  • CWE-73 - External Control of File Name or Path
Summary
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The record's CVSS vector lists UI:R, meaning user interaction is required for the deletion to occur.
Impacted products
Vendor Product Version
brainstormforce SureForms – Drag and Drop Form Builder for WordPress Version: 0.0 ≤ 0.0.13
Version: 1.0 ≤ 1.0.6
Version: 1.1 ≤ 1.1.1
Version: 1.2 ≤ 1.2.4
Version: 1.3 ≤ 1.3.1
Version: 1.4 ≤ 1.4.4
Version: 1.5
Version: 1.6 ≤ 1.6.4
Version: 1.7 ≤ 1.7.3


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6691",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-09T14:13:25.550771Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-09T14:13:33.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SureForms \u2013 Drag and Drop Form Builder for WordPress",
          "vendor": "brainstormforce",
          "versions": [
            {
              "lessThanOrEqual": "0.0.13",
              "status": "affected",
              "version": "0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.6",
              "status": "affected",
              "version": "1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.1",
              "status": "affected",
              "version": "1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.4",
              "status": "affected",
              "version": "1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.4.4",
              "status": "affected",
              "version": "1.4",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.5"
            },
            {
              "lessThanOrEqual": "1.6.4",
              "status": "affected",
              "version": "1.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.7.3",
              "status": "affected",
              "version": "1.7",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nguyen Tan Phat"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73 External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-09T05:23:39.896Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4658546-bf57-414b-a3c9-bf7a5692c5fe?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/sureforms/"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/sureforms/trunk/admin/views/entries-list-table.php#L661"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3319753%40sureforms\u0026new=3319753%40sureforms\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-02T06:40:26.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-07-08T17:20:33.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "SureForms \u2013 Drag and Drop Form Builder for WordPress \u003c= 1.7.3 - Unauthenticated Arbitrary File Deletion Triggered via Administrator Submission Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-6691",
    "datePublished": "2025-07-09T05:23:39.896Z",
    "dateReserved": "2025-06-25T22:28:23.529Z",
    "dateUpdated": "2025-07-09T14:13:33.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2025-07-09 06:15
Modified
2025-07-11 21:22
Summary
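The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Per the CNA record title ("Triggered via Administrator Submission Deletion") and the UI:R component of the CVSS vector, the deletion is triggered when an administrator deletes a submission, so exploitation depends on that administrator action.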



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "25076177-F17B-42E9-B379-5BFA9C9998BC",
              "versionEndExcluding": "0.0.14",
              "versionStartIncluding": "0.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BDE67AEC-C7D4-4932-8E50-7FAB1083ECC1",
              "versionEndExcluding": "1.0.7",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "75474DE5-16CE-4D54-82D1-8641835CD4C3",
              "versionEndExcluding": "1.1.2",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F611D4A0-7AD9-4235-B768-1BC930EC1E61",
              "versionEndExcluding": "1.2.5",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E8D55A76-91F5-4331-B2EB-5CFBFFB76D35",
              "versionEndExcluding": "1.3.2",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BDC85CB7-7FF3-4216-96B9-28346C734EBB",
              "versionEndExcluding": "1.4.5",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "21F1E7ED-E4D7-48DF-BAF5-5766A3D150CD",
              "versionEndExcluding": "1.6.5",
              "versionStartIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "453C4BA2-3E81-4E6F-AACD-5FAFE560E637",
              "versionEndExcluding": "1.7.4",
              "versionStartIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:1.5.0:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F568EC16-784D-4551-9A6B-B6C77B5784C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
    },
    {
      "lang": "es",
      "value": "El complemento SureForms \u2013 Drag and Drop Form Builder for WordPress para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n insuficiente de la ruta de archivo en la funci\u00f3n delete_entry_files() en todas las versiones hasta la 1.7.3 incluida. Esto permite que atacantes no autenticados eliminen archivos arbitrarios en el servidor, lo que puede provocar f\u00e1cilmente la ejecuci\u00f3n remota de c\u00f3digo al eliminar el archivo correcto (como wp-config.php)."
    }
  ],
  "id": "CVE-2025-6691",
  "lastModified": "2025-07-11T21:22:46.333",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "security@wordfence.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-09T06:15:23.567",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.trac.wordpress.org/browser/sureforms/trunk/admin/views/entries-list-table.php#L661"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3319753%40sureforms\u0026new=3319753%40sureforms\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://wordpress.org/plugins/sureforms/"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4658546-bf57-414b-a3c9-bf7a5692c5fe?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-73"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-610"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-01-08 04:15
Modified
2025-07-11 21:23
Summary
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to.
Impacted products
Vendor Product Version
brainstormforce sureforms *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "CC1BC3D1-5B03-4DE6-8204-E8E1DBA88F03",
              "versionEndExcluding": "1.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to."
    },
    {
      "lang": "es",
      "value": "El complemento SureForms \u2013 Drag y Drop Form Builder para WordPress para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 1.2.2 incluida a trav\u00e9s de la funci\u00f3n handle_export_form() debido a una verificaci\u00f3n de capacidad faltante. Esto permite que atacantes no autenticados exporten datos de publicaciones protegidas con contrase\u00f1a, privadas o en borrador a las que no deber\u00edan tener acceso."
    }
  ],
  "id": "CVE-2024-12713",
  "lastModified": "2025-07-11T21:23:11.540",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security@wordfence.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-01-08T04:15:06.967",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset/3215338/sureforms/tags/1.2.3/inc/export.php"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/412d5fa7-08fc-402a-bcac-b2dff87de861?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-05-02 06:15
Modified
2025-05-28 16:01
Summary
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Impacted products
Vendor Product Version
brainstormforce sureforms *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "43C2420B-B0AA-4E79-A577-0A361BCB7A10",
              "versionEndExcluding": "1.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SureForms  WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
    },
    {
      "lang": "es",
      "value": "El complemento SureForms para WordPress anterior a la versi\u00f3n 1.4.4 no depura ni escapa de algunas de sus configuraciones de formulario, lo que podr\u00eda permitir que usuarios con privilegios elevados como el administrador realicen ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
    }
  ],
  "id": "CVE-2025-3514",
  "lastModified": "2025-05-28T16:01:47.180",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 2.5,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-02T06:15:48.980",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/fc3da503-a973-44d8-82d0-13539501f8c0/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-04-30 06:15
Modified
2025-05-09 13:48
Summary
The SureForms WordPress plugin before 1.4.4 does not have a proper authorisation check when updating its settings via the REST API, which could allow users with the Contributor role and above to perform such an action.
Impacted products
Vendor Product Version
brainstormforce sureforms *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "43C2420B-B0AA-4E79-A577-0A361BCB7A10",
              "versionEndExcluding": "1.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SureForms  WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such action"
    },
    {
      "lang": "es",
      "value": "El complemento SureForms de WordPress anterior a la versi\u00f3n 1.4.4 no tiene una verificaci\u00f3n de autorizaci\u00f3n adecuada al actualizar su configuraci\u00f3n a trav\u00e9s de la API REST, lo que podr\u00eda permitir que los roles de Colaborador y superiores realicen dicha acci\u00f3n."
    }
  ],
  "id": "CVE-2025-3471",
  "lastModified": "2025-05-09T13:48:03.503",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-30T06:15:53.153",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory",
        "Exploit"
      ],
      "url": "https://wpscan.com/vulnerability/aa21dd2b-1277-4cf9-b7f6-d4f8a6d518c1/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-05-02 06:15
Modified
2025-05-28 16:02
Summary
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Impacted products
Vendor Product Version
brainstormforce sureforms *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "43C2420B-B0AA-4E79-A577-0A361BCB7A10",
              "versionEndExcluding": "1.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SureForms  WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
    },
    {
      "lang": "es",
      "value": "El complemento SureForms para WordPress anterior a la versi\u00f3n 1.4.4 no depura ni escapa de algunas de sus configuraciones de formulario, lo que podr\u00eda permitir que usuarios con privilegios elevados como el administrador realicen ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
    }
  ],
  "id": "CVE-2025-3513",
  "lastModified": "2025-05-28T16:02:00.560",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 2.5,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-02T06:15:48.887",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/dd7e0bb3-4a98-4f62-bd2e-f30b27d71226/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-01 06:15
Modified
2025-08-06 16:48
Summary
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.
Impacted products
Vendor Product Version
brainstormforce sureforms *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EE935994-1DBB-4506-A839-7976CBB5DCEB",
              "versionEndExcluding": "1.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SureForms  WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users."
    },
    {
      "lang": "es",
      "value": "El complemento SureForms para WordPress anterior a la versi\u00f3n 1.7.2 no depura ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera un error de Cross-Site Scripting reflejado que podr\u00eda usarse contra usuarios autenticados y no autenticados."
    }
  ],
  "id": "CVE-2025-5921",
  "lastModified": "2025-08-06T16:48:59.193",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-01T06:15:29.127",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/052fb6cf-274e-468b-a7e0-0e7a1751ec75/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-07-09 06:15
Modified
2025-07-11 21:21
Summary
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. The NVD match criteria below end the affected ranges just before 0.0.14, 1.0.7, 1.1.2, 1.2.5, 1.3.2, 1.4.5, 1.6.5 and 1.7.4 and list 1.5.0 separately as vulnerable, so those releases are the earliest in each branch not marked vulnerable.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "25076177-F17B-42E9-B379-5BFA9C9998BC",
              "versionEndExcluding": "0.0.14",
              "versionStartIncluding": "0.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BDE67AEC-C7D4-4932-8E50-7FAB1083ECC1",
              "versionEndExcluding": "1.0.7",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "75474DE5-16CE-4D54-82D1-8641835CD4C3",
              "versionEndExcluding": "1.1.2",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F611D4A0-7AD9-4235-B768-1BC930EC1E61",
              "versionEndExcluding": "1.2.5",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "E8D55A76-91F5-4331-B2EB-5CFBFFB76D35",
              "versionEndExcluding": "1.3.2",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "BDC85CB7-7FF3-4216-96B9-28346C734EBB",
              "versionEndExcluding": "1.4.5",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "21F1E7ED-E4D7-48DF-BAF5-5766A3D150CD",
              "versionEndExcluding": "1.6.5",
              "versionStartIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "453C4BA2-3E81-4E6F-AACD-5FAFE560E637",
              "versionEndExcluding": "1.7.4",
              "versionStartIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:brainstormforce:sureforms:1.5.0:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F568EC16-784D-4551-9A6B-B6C77B5784C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present."
    },
    {
      "lang": "es",
      "value": "El complemento SureForms \u2013 Drag and Drop Form Builder for WordPress para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 1.7.3 incluida, mediante el uso de file_exists() en la funci\u00f3n delete_entry_files() sin restricci\u00f3n en la ruta proporcionada. Esto permite a atacantes no autenticados inyectar un objeto PHP. No se conoce ninguna cadena POP presente en el software vulnerable, lo que significa que esta vulnerabilidad no tiene impacto a menos que se instale en el sitio otro complemento o tema que contenga una cadena POP. Si una cadena POP est\u00e1 presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema objetivo, puede permitir al atacante realizar acciones como eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo, dependiendo de la cadena POP presente."
    }
  ],
  "id": "CVE-2025-6742",
  "lastModified": "2025-07-11T21:21:48.027",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "security@wordfence.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-09T06:15:25.220",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3319753%40sureforms\u0026new=3319753%40sureforms\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://wordpress.org/plugins/sureforms/"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1de12d1c-5ac4-4f80-b33d-a689a6916ee0?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security@wordfence.com",
      "type": "Primary"
    }
  ]
}