cvedb.io
CVE-2026-11567
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2026-07-14T06:16:54.410 · Last modified 2026-07-14T06:16:54.410

Summary

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.