273 matches found
WordPress Fluent Forms plugin <= 5.2.12 - IP-Spoofing vulnerability
IP-Spoofing vulnerability discovered by shaman0x01 in WordPress Plugin FluentForm versions = 5.2.12...
CVE-2025-23904
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rebrandpress Rebrand Fluent Forms rebrand-fluent-forms allows Reflected XSS.This issue affects Rebrand Fluent Forms: from n/a through = 1.0...
CVE-2025-23904
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rebrandpress Rebrand Fluent Forms rebrand-fluent-forms allows Reflected XSS.This issue affects Rebrand Fluent Forms: from n/a through = 1.0...
CVE-2025-23904 WordPress Rebrand Fluent Forms Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rebrandpress Rebrand Fluent Forms rebrand-fluent-forms allows Reflected XSS.This issue affects Rebrand Fluent Forms: from n/a through = 1.0...
CVE-2025-23904 WordPress Rebrand Fluent Forms Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rebrandpress Rebrand Fluent Forms rebrand-fluent-forms allows Reflected XSS.This issue affects Rebrand Fluent Forms: from n/a through = 1.0...
CVE-2025-23904
CVE-2025-23904 concerns the WordPress/Rebrand Fluent Forms plugin (versions
WordPress plugin Rebrand Fluent Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-2782
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...
CVE-2024-4157
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...
CVE-2024-4709
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes i...
WordPress Rebrand Fluent Forms Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Rebrand Fluent Forms versions = 1.0...
CVE-2024-10646
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...
CVE-2024-10646
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...
CVE-2024-10646 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...
CVE-2024-10646
CVE-2024-10646 relates to the WordPress plugin Fluent Forms – Contact Forms, Survey & Form Builder . The vulnerability is a Stored Cross-Site Scripting (XSS) in the form’s subject parameter, exploitable in all versions up to 5.2.6 due to insufficient input sanitization and output escaping. The im...
CVE-2024-10646 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This...
PT-2024-16428 · Fluent Forms · Contact Form Plugin By Fluent Forms
Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder versions prior to 5.2.6 Description: The issue is related to Stored Cross-Site Scripting via the form's subject parameter due to insufficient input...
CVE-2023-41952 WordPress Fluent Forms plugin <= 5.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through = 5.0.8...
WordPress Fluent Forms plugin < 5.2.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin FluentForm versions 5.2.1...
CVE-2024-9651
The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...