๐Ÿ” CVE Alert

CVE-2026-11880

UNKNOWN 0.0

Fluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOR

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.

Vendor unknown
Product fluent forms
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for unknown fluent forms

Be the first to know when new unknown vulnerabilities affecting unknown fluent forms are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Fluent Forms
0 < 6.2.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/5de7c9e9-3a47-4bc6-a1b2-33eb8d3e3ec0/

Credits

Pedro Pinho WPScan