Back to CVE List

CVE-2026-11567

Vulnerability Description

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
SureForms

External References

Discussion (0)

Add Comment

No comments yet. Be the first!