The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.
Metrics
Affected Vendors & Products
References
History
Tue, 14 Jul 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Sureforms
Sureforms sureforms Wordpress Wordpress wordpress |
|
| Vendors & Products |
Sureforms
Sureforms sureforms Wordpress Wordpress wordpress |
Tue, 14 Jul 2026 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected. | |
| Title | SureForms < 2.11.1 - Unauthenticated Payment Amount Bypass | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-07-14T06:00:02.299Z
Reserved: 2026-06-08T08:28:35.208Z
Link: CVE-2026-11567
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T07:30:07Z