Tag

Insecure-Direct-Object-Reference

1 brief RSS

Fluent Forms WordPress Plugin IDOR Vulnerability (CVE-2026-5395)

The Fluent Forms WordPress plugin through 6.2.0 is vulnerable to Insecure Direct Object Reference (IDOR), allowing authenticated users with manager-level access or higher to bypass form-level access controls, export arbitrary database tables, and enumerate table names via error messages, as tracked by CVE-2026-5395.

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.0 insecure-direct-object-reference wordpress fluentforms cve-2026-5395

2r 2t 1c 1h ago