Primary

Context

SureForms WordPress Plugin Information Exposure Vulnerability

Vulnerability

A vulnerability allowing information exposure has been identified in the SureForms – Drag and Drop Form Builder for WordPress plugin, affecting all versions through 1.2.2. The issue arises in the handle_export_form() function, where a missing capability check allows unauthenticated attackers to export data from password-protected, private, or draft posts that they should not have access to.

Impact

Exploitation of this vulnerability could lead to unauthorized access to exported data from protected posts, including those that are password-protected, private, or in draft status.

Remediation

Users are advised to update the SureForms WordPress plugin to version 1.2.3 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SureForms WordPress Plugin Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating