CVE-2026-11567
The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variabl
CVSS
5.9
Medio
EPSS
0.2%
p8
KEV
—
Exploit Today
2
0-100
Publicado: 14 jul 2026 · Última mod.: 14 jul 2026
0.1%EPSS · 30 días0.2%
2026-07-142026-07-17
The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.
Sin CVEs relacionados por CWE o producto.