VYPR
Medium severity5.3NVD Advisory· Published Apr 15, 2026· Updated Apr 22, 2026

CVE-2026-1782

CVE-2026-1782

Description

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations (Stripe/PayPal) trusting a user-submitted calculation field value without recomputing or validating it against the configured form price. This makes it possible for unauthenticated attackers to manipulate the payment amount via the 'mf-calculation' field in the form submission REST request granted there exists a specific form with this particular configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

2

News mentions

1