CVE-2026-11880
The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, al
CVSS
3.1
Bajo
EPSS
0.1%
p4
KEV
—
Exploit Today
1
0-100
Publicado: 1 jul 2026 · Última mod.: 1 jul 2026
0.1%EPSS · 30 días0.1%
2026-07-012026-07-16
The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.
Sin CVEs relacionados por CWE o producto.