PT-2025-18233 · WordPress · Sureforms

Dmitry Ignatyev · Published 2025-04-30 · Updated 2025-04-30 · CVE-2025-3471

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SureForms WordPress plugin versions prior to 1.4.4

Description

The issue concerns a lack of proper authorization checks when updating settings via the REST API, potentially allowing Contributor and above roles to perform such actions.

Recommendations

For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API for Contributor and above roles until the update is applied.

Related Identifiers

CVE-2025-3471

Affected Products

Sureforms