CVE-2026-11578
Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR
CVSS Score
2.7
EPSS Score
0.0%
EPSS Percentile
0th
The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms.
| Vendor | unknown |
| Product | fluent forms |
| Published | Jul 2, 2026 |
| Last Updated | Jul 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown fluent forms
Be the first to know when new low vulnerabilities affecting unknown fluent forms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Fluent Forms
0 < 6.2.5
References
Credits
Muni Nitish Kumar Yaddala WPScan