๐Ÿ” CVE Alert

CVE-2026-11578

LOW 2.7

Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR

CVSS Score
2.7
EPSS Score
0.0%
EPSS Percentile
0th

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms.

Vendor unknown
Product fluent forms
Published Jul 2, 2026
Last Updated Jul 2, 2026
Stay Ahead of the Next One

Get instant alerts for unknown fluent forms

Be the first to know when new low vulnerabilities affecting unknown fluent forms are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Fluent Forms
0 < 6.2.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/3937e20f-dd46-4c2e-b170-d5e5c254b8d2/

Credits

Muni Nitish Kumar Yaddala WPScan