Lucene search
+L

142 matches found

Nuclei
Nuclei
added yesterday9 views

SureForms <= 1.13.1 - Sensitive Information Exposure

SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...

7.5CVSS5.2AI score0.01986EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-11567

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

5.9CVSS0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-11567 SureForms < 2.11.1 - Unauthenticated Payment Amount Bypass

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-11567

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

5.9CVSS6.1AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43625

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

5.9CVSS6.1AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-11567

The CVE concerns the SureForms WordPress plugin prior to version 2.11.1, which fails to validate payment amounts on forms that use a dynamically sourced (variable/hidden) price. This allows unauthenticated users to underpay for the configured product or subscription; forms with fixed prices are n...

5.9CVSS6.1AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 5:16 a.m.8 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 4:31 a.m.7 views

EUVD-2026-42797

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:31 a.m.7 views

CVE-2026-15288

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 4:31 a.m.37 views

CVE-2026-15288 SureForms – Drag and Drop Form Builder for WordPress <= 2.2.1 - Unauthenticated Stripe Payment Amount Manipulation

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 2.2.1. This is due to the plugin accepting the payment amount directly from user-controlled POST data in the 'createpaymentintent' and...

7.5CVSS0.00333EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 4:31 a.m.11 views

CVE-2026-15288

CVE-2026-15288 affects the SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress. All versions up to and including 2.2.1 are vulnerable to Improper Input Validation: the plugin accepts the payment amount directly from user-controlled POST data in the create_payment_intent and ...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.7 views

CVE-2026-42377

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS5.4AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 8:16 a.m.5 views

CVE-2026-42377

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 7:27 a.m.9 views

EUVD-2026-26194

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS5.2AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 7:27 a.m.31 views

CVE-2026-42377 WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 7:27 a.m.13 views

CVE-2026-42377

The CVE-2026-42377 entry documents a Missing Authorization/Broken Access Control issue in Brainstorm Force SureForms Pro (affecting versions up to and including 2.8.0). The vulnerability arises from incorrectly configured access control security levels, allowing unauthorized actions as described ...

7.3CVSS5.2AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 7:27 a.m.5 views

CVE-2026-42377 WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS5.1AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 7:27 a.m.9 views

CVE-2026-42377

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS5.1AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

WordPress Plugin SureForms Pro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.3CVSS5.8AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-35869

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

7.3CVSS5.1AI score0.00229EPSS
Exploits0References1
Rows per page
Query Builder