- Description
- The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
⚠️Vulnerability in the SureForms WordPress plugin ❗CVE-2025-6691 ➡️More info: https://t.co/cKsl9Zhlh8 https://t.co/REYIj5cDdu
@CERTpy
16 Jul 2025
🔴 Security researchers have identified a critical flaw (CVE-2025-6691) in the SureForms WordPress plugin, developed by Brainstorm Force in the United States. #Cybersecurity #Vulnerability #WordPress #W
@Takianco
13 Jul 2025
A flaw (CVE-2025-6691) in the SureForms WordPress plugin allows unauthenticated arbitrary file deletion (e.g., wp-config.php), leading to full site takeover. Update immediately! #WordPressSecurity #SureForms #Cybersecurity #Vulnerability #SiteTakeover https://t.co/hnjlSL1KtQ
@the_yellow_fall
10 Jul 2025
CVE-2025-6691 The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the d… https://t.co/NL815LTk46
@CVEnew
9 Jul 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25076177-F17B-42E9-B379-5BFA9C9998BC",
            "versionEndExcluding": "0.0.14",
            "versionStartIncluding": "0.0.2"
          },
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDE67AEC-C7D4-4932-8E50-7FAB1083ECC1",
            "versionEndExcluding": "1.0.7",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75474DE5-16CE-4D54-82D1-8641835CD4C3",
            "versionEndExcluding": "1.1.2",
            "versionStartIncluding": "1.1.0"
          },
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F611D4A0-7AD9-4235-B768-1BC930EC1E61",
            "versionEndExcluding": "1.2.5",
            "versionStartIncluding": "1.2.0"
          },
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8D55A76-91F5-4331-B2EB-5CFBFFB76D35",
            "versionEndExcluding": "1.3.2",
            "versionStartIncluding": "1.3.0"
          },
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDC85CB7-7FF3-4216-96B9-28346C734EBB",
            "versionEndExcluding": "1.4.5",
            "versionStartIncluding": "1.4.0"
          },
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21F1E7ED-E4D7-48DF-BAF5-5766A3D150CD",
            "versionEndExcluding": "1.6.5",
            "versionStartIncluding": "1.6.0"
          },
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "453C4BA2-3E81-4E6F-AACD-5FAFE560E637",
            "versionEndExcluding": "1.7.4",
            "versionStartIncluding": "1.7.0"
          },
          {
            "criteria": "cpe:2.3:a:brainstormforce:sureforms:1.5.0:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F568EC16-784D-4551-9A6B-B6C77B5784C4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]