CVE ID :CVE-2026-5395 Published : May 14, 2026, 7:16 a.m. | 53 minutes ago Description :The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Fluent Forms manager-level access and above, to bypass form-level access restrictions to access submissions from forms they are not authorized to view, export data from arbitrary database tables, and enumerate database table names via error message disclosure. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...