PT-2026-57964 · WordPress · Sureforms

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-11567

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions SureForms WordPress plugin versions prior to 2.11.1
Description Insufficient validation of the payment amount occurs on forms utilizing dynamically-sourced variable or hidden payment amounts. This allows unauthenticated users to underpay for configured products or subscriptions. Forms configured with a fixed price are not affected.
Recommendations Update SureForms WordPress plugin to version 2.11.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-11567

Affected Products

Sureforms