File Deletion Vulnerability in SureForms Drag and Drop Form Builder for WordPress
CVE-2025-6691
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 July 2025
What is CVE-2025-6691?
The SureForms β Drag and Drop Form Builder for WordPress plugin possesses a vulnerability that allows unauthorized users to delete arbitrary files from the server due to inadequate file path validation in the delete_entry_files() function. This flaw affects all versions up to and including 1.7.3, creating a path for potential remote code execution, especially if sensitive files such as wp-config.php are targeted. Organizations using this plugin should prioritize applying updates and implementing security measures to safeguard against exploitation.
Affected Version(s)
SureForms β Drag and Drop Form Builder for WordPress 0.0 <= 0.0.13
SureForms β Drag and Drop Form Builder for WordPress 1.0 <= 1.0.6
SureForms β Drag and Drop Form Builder for WordPress 1.1 <= 1.1.1