PT-2025-1935 · WordPress · Sureforms
Lucio Sá
·
Published
2025-01-08
·
Updated
2025-07-11
·
CVE-2024-12713
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SureForms – Drag and Drop Form Builder for WordPress versions up to, and including, 1.2.2
Description
The issue concerns a missing capability check in the
handle export form() function, allowing unauthenticated attackers to export data from password-protected, private, or draft posts that they should not have access to.Recommendations
For versions up to, and including, 1.2.2, update to a version that includes a fix for the missing capability check in the
handle export form() function.
As a temporary workaround, consider disabling the handle export form() function until a patch is available.Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sureforms