4 matches found
CVE-2026-5396
The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...
EUVD-2026-30232
The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...
PT-2026-40870
The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied form id que...
CVE-2025-14072 Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions...