SureForms

Brainstorm Force

Developer

2.7.1

Latest version

500,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

15 patched

5 Mitigation rules

Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability
<= 2.5.2
30/03/2026
WordPress SureForms - Drag and Drop Form Builder for WordPress plugin <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation vulnerability
<= 2.2.1
15/02/2026
Unauthenticated Stored Cross-Site Scripting vulnerability
<= 2.2.0
31/12/2025
Admin+ Stored XSS vulnerability
< 1.4.4
31/12/2025
Cross-Site Request Forgery Protection Bypass via Improper Nonce Distribution vulnerability
<= 1.13.1
18/11/2025
Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability
<= 1.13.1
12/11/2025
Missing Authorization to Authenticated (Contributor+) Information Disclosure vulnerability
<= 1.12.1
13/10/2025
Admin+ Stored XSS vulnerability
< 1.9.1
23/09/2025
Missing Authorization to Authenticated (Contributor+) Form Creation vulnerability
<= 1.12.0
20/09/2025
Reflected XSS vulnerability
< 1.7.2
21/07/2025
Unauthenticated PHP Object Injection (PHAR) vulnerability
<= 1.7.3
08/07/2025
Unauthenticated Arbitrary File Deletion
<= 1.7.3
01/07/2025
Admin+ Stored XSS vulnerability
< 1.4.4
02/05/2025
Contributor+ Settings Update vulnerability
< 1.4.4
30/04/2025
Missing Authorization to Unauthenticated Protected Post Disclosure vulnerability
<= 1.2.2
07/01/2025