All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-11578
LOWpublished 2026-07-02 06:16 UTC · 2 days ago · modified 2026-07-02 15:12 UTC
2.7
CVSS / 10
// description
The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This requires a non-default configuration in which an administrator has created at least one Manager restricted to specific forms.