Skip to content

Sudo-WP/sudowp-crowdsignal-forms

BranchesTags

Repository files navigation

SudoWP Crowdsignal Forms

PHP Version License Status

This is a SudoWP security fork of the original Crowdsignal Forms plugin.

Warning

Security Notice: The original "Crowdsignal Forms" plugin (versions <= 1.7.2) contains a critical Missing Authorization vulnerability (CVE-2025-69015) allowing authenticated users to modify polls they do not own. This SudoWP edition patches this vulnerability.

Installation

  1. Deactivate the original Crowdsignal Forms plugin.
  2. Delete the original Crowdsignal Forms plugin to avoid conflicts.
  3. Install and Activate SudoWP Crowdsignal Forms.

Changelog

1.7.3 - SudoWP Security Release

  • SECURITY: Patched CVE-2025-69015. Restricted REST API management endpoints for Polls, Feedback, and NPS surveys to users with edit_others_posts capability.
  • FEATURE: Added action hooks for form creation/updates (crowdsignal_forms_poll_created, etc.) to support integrations (e.g., Bit Integrations).
  • MODERNIZATION: Enforced strict typing (declare(strict_types=1);).
  • BRANDING: Updated identity to SudoWP.

Disclaimer

This plugin is maintained by the SudoWP community to provide security patches for abandoned or vulnerable plugins.

About

A security-hardened fork of Crowdsignal Forms. Patches CVE-2025-69015 (Broken Access Control), modernizes for PHP 8.2+, and enforces strict authorization checks.

sudowp.com

Topics

security-patch cve-2025-69015 crowdsignal-forms

Resources

Readme

License

GPL-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages