Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in SureForms – Drag and Drop Form Builder for WordPress 0.0.13

  • Severity: high-risk
  • Status: Fixed
  • Publication: July 8, 2025

A popular plugin for WordPress called SureForms has a security vulnerability that could allow attackers to inject harmful code into a website. This vulnerability exists in all versions of the plugin up to 1.7.3 and is due to the use of a function called file_exists() without proper restrictions. This could potentially give attackers access to sensitive information or allow them to delete important files. However, this vulnerability can only be exploited if another plugin or theme with a similar vulnerability is also installed on the website.

Detected in:

SureForms – Contact Form, Custom Form Builder, Calculator & More fixed vulnerable versions:
SureForms – Contact Form, Payment Form & Other Custom Form Builder fixed vulnerable versions:
SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more fixed vulnerable versions:
SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms, Login and Registration Forms and more fixed vulnerable versions:
SureForms – Drag and Drop Form Builder for WordPress fixed vulnerable versions: >= 0.0 <= 0.0.13

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.