CVE-2026-2899 | Fluent Forms Pro Add On Pack Plugin up to 6.1.17 on WordPress Attachment Deletion deleteFile attachment_id authorization

Inserito da Angelo Barbosa | Mar 4, 2026 | CVE

A vulnerability categorized as critical has been discovered in Fluent Forms Pro Add On Pack Plugin up to 6.1.17 on WordPress. Affected by this issue is the function deleteFile of the component Attachment Deletion Handler. Such manipulation of the argument attachment_id leads to missing authorization.

This vulnerability is traded as CVE-2026-2899. The attack may be launched remotely. There is no exploit available.

CVE-2026-2899 | Fluent Forms Pro Add On Pack Plugin up to 6.1.17 on WordPress Attachment Deletion deleteFile attachment_id authorization

Post correlati

CVE-2023-52533 | Unisoc T760/T770/T820/S8000 modem-ps-nas-ngmm information disclosure

CVE-2025-1870 | Mayuri K 101news 1.0 aboutus.php pagedescription sql injection

CVE-2024-31812 | Totolink EX200 4.0.3c.7646_B20201211 getWiFiExtenderConfig information disclosure

CVE-2024-0298 | Totolink N200RE 9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi setDiagnosisCfg ip os command injection