CVE-2026-11880
CVSS 3.1: Low
Exploitation Probability (EPSS): Low risk, 4th percentile (higher than 4% of all known CVEs)
Summary
The Fluent Forms WordPress plugin before version 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with low privileges to cancel subscriptions belonging to other users.
Risk Assessment
An attacker with low privileges can cancel other users' subscriptions, potentially leading to service disruption, revenue loss, and breach of customer trust.
Recommendation
Update the Fluent Forms plugin to version 6.2.1 or later immediately; that release includes a fix for this vulnerability.
Original NVD description (English source)
The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account to cancel subscriptions belonging to other users.

