Description

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.

Weaknesses

  • — CWE-639 Authorization Bypass Through User-Controlled Key

Affected products

VendorProductVersions
UnknownFluent Forms0 to <6.2.1

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 01 Jul 2026 07:05 UTC.