Lucene search
+L

272 matches found

Cvelist
Cvelist
added 2026/02/09 11:22 a.m.30 views

CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

5.4CVSS0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.8 views

WordPress plugin Fluent Forms Pro Add On Pack 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.4CVSS6AI score0.00225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.6 views

CVE-2025-13722

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

5.3CVSS5.7AI score0.00183EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-13722

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

5.3CVSS0.00183EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/07 9:21 a.m.3 views

CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

5.3CVSS5.3AI score0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/07 9:21 a.m.27 views

CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the fluentformaicreateform AJAX action. This makes it...

5.3CVSS0.00183EPSS
Exploits0References2
CVE
CVE
added 2026/01/07 9:21 a.m.23 views

CVE-2025-13722

CVE-2025-13722 affects Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder for WordPress. Wordfence reports Missing Authorization in the fluentform_ai_create_form AJAX action, allowing authenticated attackers with Subscriber+ privileges to create arbitrary forms...

5.3CVSS5.3AI score0.00183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:13 a.m.12 views

CVE-2024-2772

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

9.8CVSS5.7AI score0.02333EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.11 views

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

9.8CVSS6.9AI score0.02333EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.6 views

WordPress plugin Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 安全漏洞

...

5.3CVSS6.7AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1605

Name of the Vulnerable Software and Affected Versions Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress versions through 6.1.7 Description The Fluent Forms plugin for WordPress is affected by a missing authorization issue. Capability check...

5.3CVSS6.3AI score0.00183EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/06 11:27 p.m.8 views

WordPress Fluent Forms plugin <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Form Creation via AI Builder vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin FluentForm versions = 6.1.7...

5.3CVSS6.8AI score0.00183EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/08 7:12 a.m.16 views

WordPress Fluent Forms plugin <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability

Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submissionid vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin FluentForm versions = 6.1.7...

5.3CVSS6.8AI score0.0026EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/07 6:56 a.m.15 views

CVE-2025-13748

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

5.3CVSS6AI score0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/06 9:31 a.m.6 views

EUVD-2025-201540

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

5.3CVSS5.5AI score0.0026EPSS
Exploits0References3
NVD
NVD
added 2025/12/06 7:15 a.m.9 views

CVE-2025-13748

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

5.3CVSS0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/06 6:39 a.m.5 views

CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

5.3CVSS5.6AI score0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/06 6:39 a.m.29 views

CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submissionid' parameter due to missing validation on a user controlled key within...

5.3CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2025/12/06 6:39 a.m.30 views

CVE-2025-13748

CVE-2025-13748: Fluent Forms for WordPress (

5.3CVSS5.6AI score0.0026EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/06 12:0 a.m.5 views

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.5AI score0.0026EPSS
Exploits0References3
Rows per page
Query Builder