CVE-2026-7798 — Server-Side Request Forgery
CVE-2026-7798 — The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possibl
What This Means For You
- If your environment is affected by CWE-918, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-7798 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7798 | vulnerability | CVE-2026-7798 |
| CWE-918 | weakness | CWE-918 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 22, 2026 at 12:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
WordPress Ditty Plugin: Authorization Bypass Exposes Non-Public Content
CVE-2026-9011 — The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...
CVE-2026-8692 — The Vedrixa Forms – User Registration Form, Signup Form &
CVE-2026-8692 — The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass...
CVE-2026-8684 — The MotoPress Hotel Booking plugin for WordPress is
CVE-2026-8684 — The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due...