CVE Catalog

CVE-2026-11880

Low · CVSS 3.1

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

The Fluent Forms WordPress plugin before version 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with low privileges to cancel subscriptions belonging to other users.

Risk Assessment

An attacker with low privileges can cancel other users' subscriptions, potentially leading to service disruption, revenue loss, and loss of customer trust.

Recommendation

Update the Fluent Forms plugin to version 6.2.1 or later immediately; that release includes a fix for this vulnerability.

Original NVD description (English source)

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS