Responsible disclosure of unpatched vulnerability CVE-2023-1430 in FluentCRM by WPManageNinja (with mitigation patch): https://github.com/karlemilnikka/CVE-2023-1430.
tl;dr Attackers can view and edit contact details in FluentCRM. WPManageNinja hasn’t patched the vulnerability within the 90-day responsible disclosure time window. I provide a mitigation snippet to prevent vulnerability exploitation while waiting for an official patch.