The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.
References
Configurations
No configuration.
History
14 Jul 2026, 13:18
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
14 Jul 2026, 06:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-14 06:16
Updated : 2026-07-14 16:42
NVD link : CVE-2026-11567
Mitre link : CVE-2026-11567
CVE.ORG link : CVE-2026-11567
JSON object : View
Products Affected
No product.
CWE
No CWE.
