CVE-2026-11567 SureForms < 2.11.1 - Unauthenticated Payment Amount Bypass
The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...