CVE-2026-2899

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

CVE-2026-2365

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

WordPress Fluent Forms Pro plugin <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability

Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

EUVD-2026-9526

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

EUVD-2026-9524

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

CVE-2026-2899

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

CVE-2026-2365

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

CVE-2026-2899 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

CVE-2026-2899 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

CVE-2026-2365

CVE-2026-2365 affects the Fluent Forms Pro WordPress plugin (versions up to and including 6.1.17). The vulnerability is Stored Cross-Site Scripting via the fluentform_step_form_save_data AJAX action, arising from a publicly accessible draft form submission endpoint without authentication or nonce...

CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

WordPress plugin Fluent Forms Pro 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Fluent Forms Pro Add On Pack 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-23130

Name of the Vulnerable Software and Affected Versions Fluent Forms Pro Add On Pack versions up to and including 6.1.17 Description The Fluent Forms Pro Add On Pack plugin for WordPress has a missing authorization issue. The deleteFile method within the Uploader class does not properly verify nonc...

PT-2026-23129

Name of the Vulnerable Software and Affected Versions Fluent Forms Pro versions up to and including 6.1.17 Description The Fluent Forms Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fluentform step form save data AJAX action. The draft form submission endpoint...

CVE-2026-2428

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN Instant Payment Notification verification being disabled by default disableipnverification defaults to...

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification vulnerability

Missing Authorization to Unauthenticated Payment Status modification vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

EUVD-2026-8986

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN Instant Payment Notification verification being disabled by default disableipnverification defaults to...