CVE-2025-6691 in SureForms Plugininformazioni

Riassunto

di MITRE • 09/07/2025

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Prenotare

25/06/2025

Divulgazione

09/07/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00984

KEV

no

Attività

molto basso

Fonti

Do you need the next level of professionalism?

Upgrade your account now!