Authorization Flaw in Fluent Forms Plugin for WordPress
CVE-2026-5069
5.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 10 July 2026
What is CVE-2026-5069?
The Fluent Forms plugin for WordPress contains a vulnerability that allows authenticated users with basic subscriber-level access to manipulate subscription cancellation requests. This arises from inadequate authorization checks within the AJAX flow addressing payment cancellations, enabling potential attackers to cancel subscriptions held by other users. It is essential for website administrators using this plugin to implement appropriate security measures and apply necessary updates to mitigate any associated risks.
Affected Version(s)
Fluent Forms β Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 0 <= 6.2.1