CVE-2026-5069: CWE-863 Incorrect Authorization in wpmanageninja Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
The Fluent Forms plugin for WordPress up to version 6.2.1 contains an incorrect authorization vulnerability in its payment cancellation AJAX flow. Authenticated users with subscriber-level access or…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

CVE-2026-11462: Improper Authorization Vulnerability in BeikeShop Stripe Plugin (Up to v1.6.0.22)
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file p
Critical Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Unauthenticated attackers can exploit CVE-2026-3300 in Everest Forms Pro to inject and execute arbitrary PHP via Complex Calculation, enabli
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra
Supply Chain Attack Compromises Official GravityForms Plugin Repository
Update 7-12-2025 06:00 UTC: We have observed some activity in regard to one of the backdoors that involves a gf_api_token parameter. The IP

Comments
Sign in to join the conversation.
No comments yet. Be the first.