A vulnerability was found in brainstormforce SureForms Plugin up to 2.5.2 on WordPress. It has been rated as critical . Affected is the function create_payment_intent of the component Setting Handler . This manipulation of the argument form_id causes improper authentication. This vulnerability is tracked as CVE-2026-4987 . The attack is possible to be carried out remotely. No exploit exists.