5 matches found
CVE-2026-2899
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...
WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...
EUVD-2026-9526
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...
WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification vulnerability
Missing Authorization to Unauthenticated Payment Status modification vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...
CVE-2026-2428
The CVE concerns the Fluent Forms Pro Add On Pack for WordPress, vulnerable in all versions up to 6.1.17 due to disabled PayPal IPN verification (disable_ipn_verification defaults to 'yes' in PayPalSettings.php). This enables unauthenticated attackers to send forged PayPal IPN notifications to th...