FluentCommunity < 2.1.0 – Missing Authorization | CVE 2025-66084 | Plugin Vulnerabilities

Description

The FluentCommunity – Ultra-Fast High-Performance Social Network, Community, LMS & Online Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

fluent-community

Fixed in 2.1.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/388ce0d2-47d9-4c45-904c-ed7ef25b3416

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

daroo

Verified

No

WPVDB ID

a2457134-d7ff-4c3a-a362-4306fc8ca603

Timeline

Publicly Published

2025-11-28 (about 5 months ago)

Added

2025-12-01 (about 5 months ago)

Last Updated

2025-12-01 (about 5 months ago)

Other

Published

Title

Published

2025-05-16

Title

6Storage Rentals <= 2.20.1 - Missing Authorization

Published

2025-04-04

Title

Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update

Published

2024-08-02

Title

Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare < 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Theme Update

Published

2025-01-06

Title

Croma Music < 3.6.1 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax

Published

2026-01-24

Title

WPElemento Importer < 0.6.5 - Missing Authorization