CVE-2026-11567 in SureForms Plugininfo

Zusammenfassung

von MITRE • 14.07.2026

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Zuständig

WPScan

Reservieren

08.06.2026

Veröffentlichung

14.07.2026

Moderieren

akzeptiert

Eintrag

VDB-378260

CPE

bereit

EPSS

0.00136

KEV

nein

Aktivitäten

low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!