PT-2026-28706 · WordPress · Sureforms+1

Jack Pas · Published 2026-03-28 · Updated 2026-03-29

CVE-2026-4987
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress, versions up to and including 2.5.2

Description: The SureForms plugin is susceptible to a Payment Amount Bypass issue. This occurs because the create_payment_intent() function relies on a user-controlled parameter for payment validation. This allows unauthenticated attackers to circumvent payment amount validation and create underpriced payment or subscription intents by setting the form_id parameter to 0.

Recommendations: Update SureForms to a version later than 2.5.2.
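The bug class described above, as an added illustration that is not SureForms' code: the function names, the FORMS table and the request shape are hypothetical stand-ins, chosen to show why a lookup keyed on a client-supplied form_id must fail closed rather than fall back to the client's own amount.

```php
<?php
// Added illustration of the pattern behind CVE-2026-4987; hypothetical, not the
// plugin's code. FORMS stands in for the payment settings an administrator saved.
const FORMS = [
    17 => ['amount' => 4999, 'currency' => 'usd'],  // $49.99, fixed server-side
];

// Vulnerable pattern: the configured amount is enforced only when form_id resolves
// to a stored form. A request with form_id=0 never reaches that branch, so the
// client-chosen amount flows straight into the payment intent.
function create_payment_intent_vulnerable(array $request): array {
    $form_id = (int) ($request['form_id'] ?? 0);
    $amount  = (int) ($request['amount'] ?? 0);   // trusted by default
    if ($form_id > 0 && isset(FORMS[$form_id])) {
        $amount = FORMS[$form_id]['amount'];      // validation happens only here
    }
    return ['ok' => true, 'amount' => $amount];
}

// Hardened pattern: form_id must be a positive integer naming a stored form, and
// the amount is read only from the stored settings. Whatever the client sent in
// 'amount' is ignored, and an unknown form is an error, not a fallback.
function create_payment_intent_fixed(array $request): array {
    $form_id = filter_var(
        $request['form_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($form_id === false || !isset(FORMS[$form_id])) {
        return ['ok' => false, 'error' => 'unknown form'];
    }
    return ['ok' => true, 'amount' => FORMS[$form_id]['amount']];
}

// Constructed request in the shape the advisory describes: form_id of 0 together
// with an amount chosen by the client.
$underpriced = ['form_id' => 0, 'amount' => 1];

// The vulnerable variant accepts the request with the client's amount; the fixed
// variant rejects it, and only a real form_id yields the configured amount.
var_dump(create_payment_intent_vulnerable($underpriced));
var_dump(create_payment_intent_fixed($underpriced));
var_dump(create_payment_intent_fixed(['form_id' => 17, 'amount' => 1]));
```

The defensive takeaway is the shape of the fixed function: the server-side record is the only source of the price, and failure to find that record aborts the request instead of degrading to client input.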

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2026-4987

Affected Products

Sureforms
Wordpress