Threat Entry Updated 2026-06-17

CVE-2026-7798 - And Crm Solution Plugin

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires that the SES bounce handling key ('_fc_bounce_key') has never been stored (i.e., the site is in its default/unconfigured state with…

PLUGIN And Crm Solution

CVE-2026-7798

MEDIUM CVSS 5.4 2026-05-22

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-11-21

CVE-2025-12935 - And Crm Solution Plugin

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fluentcrm_content' shortcode in all versions up to, and including, 2.9.84 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN And Crm Solution

CVE-2025-12935

MEDIUM CVSS 6.4 2025-11-21

Risk Score

Open Full Technical Breakdown