Ghostwire

CVE-2026-11567: The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a...

MEDIUM CVSS 0.0

Published: July 14, 2026 | Last Modified: July 14, 2026

Description

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References