Product
The SureForms - Drag and Drop Form Builder for WordPress plugin (versions up to and including 2.2.1) is vulnerable to improper input validation (CVE-2026-15288), allowing unauthenticated attackers to modify payment amounts in user-controlled POST data when submitting Stripe payment forms, enabling them to purchase products or services at arbitrarily reduced prices.