4 matches found
CVE-2026-12400
The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via the updateform due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
CVE-2026-12400
FlowForms (WordPress plugin)
EUVD-2026-42847
The FlowForms – Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.1 via the updateform due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress FlowForms – Conversational Form Builder plugin <= 1.1.1 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary Form Modification vulnerability
Authenticated Contributor+ Insecure Direct Object Reference to Arbitrary Form Modification vulnerability discovered by Aliyan Khan in WordPress Plugin FlowForms – Conversational Form Builder versions = 1.1.1...