CVE-2025-6691

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SureForms – Drag and Drop Form Builder for WordPress plugin versions through 1.7.3

Description: The SureForms – Drag and Drop Form Builder for WordPress plugin is susceptible to arbitrary file deletion due to inadequate file path validation within the delete entry files() function. This allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution if critical files, such as wp-config.php, are removed. Approximately 200,000 sites are potentially affected.

Recommendations: Update SureForms – Drag and Drop Form Builder for WordPress plugin to a version later than 1.7.3.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-610CWE-73

Related Identifiers

CVE-2025-6691

Affected Products

Sureforms

CVE-2025-6691

Weakness Enumeration

Related Identifiers

Affected Products

References · 16