Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Network-accessible form requires no authentication; AC:H because exploitation requires a variable-priced form configuration and precise parameter interception; integrity impact only - no confidentiality or availability consequence.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
5DescriptionCVE.org
The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced (variable/hidden) payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not affected.
AnalysisAI
SureForms WordPress plugin before 2.11.1 permits unauthenticated attackers to submit manipulated payment amounts below the configured price on any form using a dynamically-sourced or hidden variable payment field, enabling financial fraud against site operators. The integrity bypass is confined to forms with variable pricing; fixed-price forms are explicitly unaffected. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions: the target WordPress site must be running SureForms prior to version 2.11.1; at least one payment form must be configured to use a dynamically-sourced or variable/hidden payment amount field (not a fixed price); and the attacker must be able to reach and submit that form (no authentication required, PR:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 5.9 (Medium) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N reflects a network-exploitable, unauthenticated flaw with high integrity impact but no confidentiality or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker discovers a WordPress site running SureForms before 2.11.1 with a subscription form that sources the payment amount from a hidden or variable field. Using a browser proxy such as Burp Suite, the attacker intercepts the form submission and modifies the payment amount parameter to an arbitrarily low value (e.g., $0.01) before forwarding the request. … |
| Remediation | Upgrade SureForms to version 2.11.1 or later, which introduces proper server-side validation of submitted payment amounts against configured price thresholds. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
The SureForms WordPress plugin before 1.4.4 does not have proper authorisation check when updating its settings via the
The SureForms - Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion d
The SureForms - Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in a
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow hi
The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow hi
The SureForms WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the pa
The SureForms - Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in a
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43625
GHSA-9r96-r77r-wwjr