Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-09-22
CVE-2025-10489 - Conversational Forms And More Plugin
The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability check on the register_post_types() function in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to create forms when the user interface specifically prohibits it.
PLUGIN
Conversational Forms And More
CVE-2025-10489
Risk Score