Lucene search
+L

831 matches found

Nuclei
Nuclei
added yesterday22 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation

The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's...

9.8CVSS5.3AI score0.02333EPSS
Exploits1References3
NVD
NVD
added 6 days ago3 views

CVE-2026-57715

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-57715 WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through = 3.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 6 days ago18 views

CVE-2026-57715

CVE-2026-57715 affects the WordPress Fluent CRM plugin (Fluent CRM) up to version

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-57754

Name of the Vulnerable Software and Affected Versions WPManageNinja Fluent CRM versions prior to 3.1.8 Description An issue involving improper neutralization of input during web page generation allows for Reflected Cross-site Scripting XSS, a technique where malicious scripts are injected into a...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 4:17 a.m.9 views

CVE-2026-5069

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/10 2:30 a.m.33 views

CVE-2026-5069 Fluent Forms <= 6.2.1 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation via 'subscription_id'

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2026/07/10 2:30 a.m.11 views

CVE-2026-5069

Vulnerability summary (CVE-2026-5069) : The Fluent Forms plugin for WordPress up to version 6.2.1 is vulnerable to incorrect authorization via the subscription_id parameter in the payment cancellation AJAX flow. The root cause is insufficient ownership authorization checks, allowing authenticated...

5.4CVSS5.9AI score0.00176EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/10 2:30 a.m.8 views

CVE-2026-5069

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00176EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 2:30 a.m.9 views

EUVD-2026-42778

The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00176EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/09 12:8 p.m.5 views

WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Fluent CRM versions = 3.1.7...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 6:16 a.m.11 views

CVE-2026-11578

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...

2.7CVSS0.00168EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 6:0 a.m.16 views

CVE-2026-11578

The CVE concerns the Fluent Forms WordPress plugin prior to 6.2.5, where deletion of form submission entries is not properly restricted to forms a restricted Manager is authorized to manage. This misconfiguration allows a Manager limited to specific forms to permanently delete submission entries ...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 6:0 a.m.46 views

CVE-2026-11578 Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...

0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 6:0 a.m.12 views

EUVD-2026-41253

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 7:16 a.m.14 views

CVE-2026-11880

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users...

3.1CVSS0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:0 a.m.20 views

CVE-2026-11880

The CVE-2026-11880 entry concerns Fluent Forms WordPress plugin versions prior to 6.2.1, where ownership is not properly verified before processing a subscription cancellation request. This allows authenticated users with a low-privilege account to cancel subscriptions belonging to other users du...

3.1CVSS5.8AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.42 views

CVE-2026-11880 Fluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOR

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users...

0.00139EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 7:16 a.m.13 views

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.7 views

EUVD-2026-40264

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder