CVE-2025-10489: CWE-862 Missing Authorization in brainstormforce SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more

Medium

VulnerabilityCVE-2025-10489cve cve-2025-10489 cwe-862

Published: Sat Sep 20 2025 (09/20/2025, 04:27:55 UTC)

Source: CVE Database V5

Vendor/Project: brainstormforce

Product: SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more

Description

The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the register_post_types() function in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to create forms when the user interface specifically prohibits it.

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-09-15T15:14:26.747Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68cf42444a0b186b9321b044

Added to database: 9/21/2025, 12:09:40 AM

Last updated: 9/21/2025, 12:09:40 AM

Related Threats

CVE-2025-9949: CWE-352 Cross-Site Request Forgery (CSRF) in webraketen Internal Links Manager

Medium

VulnerabilitySun Sep 21 2025

CVE-2025-10305: CWE-862 Missing Authorization in endisha Secure Passkeys

Medium

VulnerabilitySun Sep 21 2025

CVE-2025-10181: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dartiss Draft List

Medium

VulnerabilitySun Sep 21 2025

CVE-2025-10002: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in clickwhale ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages

Medium

VulnerabilitySun Sep 21 2025

CVE-2025-10756: Buffer Overflow in UTT HiPER 840G

High

VulnerabilitySun Sep 21 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-10489: CWE-862 Missing Authorization in brainstormforce SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more

CVE-2025-10489: CWE-862 Missing Authorization in brainstormforce SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more

Description

Technical Details

Related Threats

CVE-2025-9949: CWE-352 Cross-Site Request Forgery (CSRF) in webraketen Internal Links Manager

CVE-2025-10305: CWE-862 Missing Authorization in endisha Secure Passkeys

CVE-2025-10181: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dartiss Draft List

CVE-2025-10002: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in clickwhale ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages

CVE-2025-10756: Buffer Overflow in UTT HiPER 840G

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility