Lucene search
+L

40 matches found

CVE
CVE
added 3 days ago13 views

CVE-2026-11567

The CVE concerns the SureForms WordPress plugin prior to version 2.11.1, which fails to validate payment amounts on forms that use a dynamically sourced (variable/hidden) price. This allows unauthenticated users to underpay for the configured product or subscription; forms with fixed prices are n...

5.9CVSS6.1AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-11567 SureForms < 2.11.1 - Unauthenticated Payment Amount Bypass

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 5:16 a.m.8 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 4:31 a.m.37 views

CVE-2026-15288 SureForms – Drag and Drop Form Builder for WordPress <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 4:31 a.m.7 views

EUVD-2026-42797

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44772

Name of the Vulnerable Software and Affected Versions Contact Form 7 – PayPal & Stripe Add-on versions prior to 2.5.0 Description The plugin is subject to a payment bypass due to insufficient verification of data authenticity. While the cf7pp paypal ipn handler function validates IPN authenticity...

5.3CVSS5.2AI score0.00204EPSS
Exploits0References11
CVE
CVE
added 2026/04/17 3:36 a.m.26 views

CVE-2026-5234

The LatePoint WordPress plugin (versions

5.3CVSS5.8AI score0.00689EPSS
Exploits0References10
NVD
NVD
added 2026/04/15 9:16 a.m.8 views

CVE-2026-1782

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations Stripe/PayPal trusting a user-submitted calculation field value without recomputing or validating it against the configured form pric...

5.3CVSS0.00266EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/15 4:10 a.m.8 views

WordPress MetForm Pro plugin <= 3.9.7 - Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability

Unauthenticated Payment Amount Manipulation via 'mf-calculation' vulnerability discovered by andrea bocchetti in WordPress Plugin MetForm Pro versions = 3.9.7...

5.3CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/28 2:16 a.m.6 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/28 1:25 a.m.3 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/28 1:25 a.m.40 views

CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.10 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS0.0035EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:25 a.m.7 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.11 views

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References5
Wired Threat Level
Wired Threat Level
added 2025/10/22 8:31 p.m.5 views

No, ICE (Probably) Didn’t Buy Guided Missile Warheads

A federal contracting database lists an ICE payment for $61,218 with the payment code for “guided missile warheads and explosive components.” But it appears ICE simply entered the wrong code...

7.2AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-18451

Malware in sbrugna...

6.5CVSS6.6AI score0.00944EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-18449

Malware in sbrugna...

6.5CVSS6.6AI score0.00944EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/19 4:42 p.m.7 views

External Control of Assumed-Immutable Web Parameter

Overview sylius/paypal-plugin is a PayPal plugin for Sylius. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter. The user-input payment amount is not adequately confirmed to be the same between payment completion and order authorization, in...

7.1CVSS6.9AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2025/03/17 2:15 p.m.11 views

CVE-2025-29788

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS0.00464EPSS
Exploits0References6
Rows per page
Query Builder