CVE-2026-11880
Fluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOR
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.
| Vendor | unknown |
| Product | fluent forms |
| Published | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown fluent forms
Be the first to know when new unknown vulnerabilities affecting unknown fluent forms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Fluent Forms
0 < 6.2.1
References
Credits
Pedro Pinho WPScan