Brainstormforce Sureforms — known CVE vulnerabilities
Every CVE whose affected-product data names Brainstormforce Sureforms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-6691 — CVSS 8.1 (high): The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to…
CVE-2025-6742 — CVSS 7.5 (high): The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up…
CVE-2025-5921 — CVSS 5.8 (medium): The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a…
CVE-2024-12713 — CVSS 5.3 (medium): The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up…
CVE-2025-3471 — CVSS 4.9 (medium): The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the REST API, which…
CVE-2025-3514 — CVSS 3.5 (low): The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users…
CVE-2025-3513 — CVSS 3.5 (low): The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users…