PatchSiren

SureForms CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review SureForms CVE published 2026-07-14

CVE-2026-11567

The SureForms WordPress plugin before 2.11.1 has a vulnerability allowing unauthenticated users to underpay for configured products or subscriptions due to improper validation of dynamically-sourced payment amounts. This vulnerability affects forms using dynamically-sourced payment amounts, while forms with fixed configured prices are not affected. The vulnerability has a medium defensive priority, and us [truncated]