CVE-2026-11567
SureForms < 2.11.1 - Unauthenticated Payment Amount Bypass
CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
0th
The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.
| Vendor | unknown |
| Product | sureforms |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown sureforms
Be the first to know when new medium vulnerabilities affecting unknown sureforms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / SureForms
0 < 2.11.1
References
Credits
Yaswanth Reddy Sunkara WPScan