The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NBrainstormforce Sureforms
APPBrainstormforce< 1.2.3
Powiązane podatności
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file ...
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Inje...
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it bac...
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settin...
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which cou...