Severe WordPress Plugin Flaw Puts 200,000 Sites at Risk of Full Takeover
Posted: Sun Jul 13, 2025 1:59 pm
A critical arbitrary file deletion vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 active installations and potentially enabling unauthenticated attackers to achieve full site takeover.
The flaw, tracked as CVE-2025-6691 with a CVSS score of 8.8 (High), resides in versions up to 1.7.3 of the plugin, which is developed by Brainstorm Force.
https://gbhackers.com/severe-wordpress-plugin-flaw/
The flaw, tracked as CVE-2025-6691 with a CVSS score of 8.8 (High), resides in versions up to 1.7.3 of the plugin, which is developed by Brainstorm Force.
https://gbhackers.com/severe-wordpress-plugin-flaw/