CVE-2026-11567
Vulnerability Description
The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
SureForms
Discussion (0)
Add Comment
No comments yet. Be the first!