Description
The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.
Weaknesses
- — CWE-639 Authorization Bypass Through User-Controlled Key
Affected products
| Vendor | Product | Versions |
|---|---|---|
| Unknown | Fluent Forms | 0 to <6.2.1 |
References
- https://wpscan.com/vulnerability/5de7c9e9-3a47-4bc6-a1b2-33eb8d3e3ec0/ (exploit vdb-entry technical-description)
Generated from the official CVE List on 01 Jul 2026 07:05 UTC.