CVE-2026-11567

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.
Configurations

No configuration.

History

14 Jul 2026, 13:18

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.9

14 Jul 2026, 06:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-14 06:16

Updated : 2026-07-14 16:42


NVD link : CVE-2026-11567

Mitre link : CVE-2026-11567

CVE.ORG link : CVE-2026-11567


JSON object : View

Products Affected

No product.

CWE

No CWE.