A vulnerability was found in brainstormforce SureForms Plugin up to 2.2.1. It has been declared as problematic. This affects the function
create_payment_intent/create_subscription_intent of the component Payment Intent Handler. Such manipulation leads to improper input validation.
This vulnerability is referenced as CVE-2026-15288. It is possible to launch the attack remotely. No exploit is available.