Payment Validation Flaw in SureForms Plugin for WordPress
CVE-2026-11567
Currently unrated
Key Information:
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2026-11567?
The SureForms plugin for WordPress prior to version 2.11.1 features an improper payment amount validation flaw. This vulnerability allows unauthenticated users to exploit dynamically-sourced payment fields, leading to potential underpayment for products or subscriptions. Forms configured with a fixed price are not impacted, highlighting the importance of ensuring proper validation mechanisms for variable payment amounts to protect revenue integrity.
Affected Version(s)
SureForms 0 < 2.11.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.