2 matches found
WordPress Fluent Forms plugin <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability
Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submissionid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin FluentForm versions = 6.1.7...
CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...