Product
The Fluent Forms plugin for WordPress is vulnerable to authorization bypass via a user-controlled key (CVE-2026-5396), allowing authenticated attackers with restricted access to specific forms to manipulate submissions of unauthorized forms by spoofing the 'form_id' parameter.