A vulnerability identified as critical has been detected in techjewel Fluent Forms Plugin up to 6.1.21 on WordPress. Affected is the function SubmissionPolicy of the component Query Parameter Handler . Performing a manipulation of the argument form_id results in authorization bypass. This vulnerability was named CVE-2026-5396 . The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.