Authorization Bypass Vulnerability in FluentBoards by Mahmudul Hasan Arif
CVE-2026-40784

8.1 HIGH

Key Information:

Vendor: WordPress

CVE Published: 15 April 2026

What is CVE-2026-40784?

The FluentBoards plugin for WordPress, developed by Mahmudul Hasan Arif, contains an authorization bypass vulnerability that stems from poorly configured access control settings. This flaw allows an attacker to exploit user-controlled keys, potentially granting access to sensitive functionalities and data. Affected users should promptly update their installations of FluentBoards to prevent unauthorized access and ensure their systems remain secure.

Affected Version(s)

FluentBoards 0 through 1.91.2 (inclusive)

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jakub Herman | Patchstack Bug Bounty Program