CVE-2026-11880
The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, al
CVSS
3.1
Low
EPSS
0.1%
p4
KEV
—
Exploit Today
1
0-100
Published: Jul 1, 2026 · Last modified: Jul 1, 2026
0.1%EPSS · 30 days0.1%
2026-07-012026-07-16
The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.
No related CVEs by CWE or product.