A high-severity authorization flaw (CVE-2026-42377, CVSS 7.3) exists in Brainstorm Force SureForms Pro, a WordPress form-building plugin, affecting all versions through 2.8.0. Attackers can exploit misconfigured access controls to reach restricted functionality or data without proper permission checks. Organizations running this plugin on public-facing WordPress sites should treat this as a priority patching item.