GHSA-9r96-r77r-wwjrMediumCVSS 5.9

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on...

Published
July 14, 2026
Last Modified
July 14, 2026

🔗 CVE IDs covered (1)

📋 Description

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.

🔗 References (3)