CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

Patchstack•added 2026/03/05 9:6 a.m.•7 views

WordPress Fluent Forms Pro plugin <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability

Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

7.2CVSS5.9AI score0.00263EPSS

Exploits0References1Affected Software1

NVD•added 2026/03/05 4:15 a.m.•4 views

CVE-2026-2365

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

7.2CVSS0.00263EPSS

Exploits0References3

Vulnrichment•added 2026/03/05 3:23 a.m.•2 views

CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission

7.2CVSS6AI score0.00263EPSS

Exploits0References3

Positive Technologies•added 2026/03/05 12:0 a.m.•4 views

PT-2026-23129

Name of the Vulnerable Software and Affected Versions Fluent Forms Pro versions up to and including 6.1.17 Description The Fluent Forms Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fluentform step form save data AJAX action. The draft form submission endpoint...

7.2CVSS5.9AI score0.00263EPSS

Exploits0References7

OSV•added 2018/08/31 4:29 p.m.•2 views

CVE-2018-16278

phpkaiyuancms PhpOpenSourceCMS POSCMS V3.2.0 allows an unauthenticated user to execute arbitrary SQL commands via the diy/module/member/controllers/Api.php ajaxsavedraft function with the dir parameter...

9.8CVSS6AI score0.01582EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by