Security Advisory

CVE-2024-12713

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-08 03:18:10

Last updated 2026-04-08 16:48:37

Assigner Wordfence

State PUBLISHED

Description

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to.

← Browse all CVEs View on cve.org ↗