CVE-2024-12713

Medium CVSS: 5.3

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to.

Vendor

Brainstormforce

Product

Sureforms

CWE

CWE-862

Yayın Tarihi

2025-01-08 04:15:06

Güncelleme

2025-07-11 21:23:11

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Sureforms MEDIUM Brainstormforce 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3215338/sureforms/tags/1.2.3/inc/export.php https://www.wordfence.com/threat-intel/vulnerabilities/id/412d5fa7-08fc-402a-bcac-b2dff87de861?source=cve

Benzer Kayıtlar

Medium

CVE-2025-5921

The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the p…

High

CVE-2025-6742

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in a…

High

CVE-2025-6691

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion d…

Low

CVE-2025-3513

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow h…

Low

CVE-2025-3514

The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow h…

Medium

CVE-2024-56274

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force A…