Lucene search
+L

272 matches found

nvd
nvd
added 2026/05/14 7:16 a.m.35 views

CVE-2026-5395

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS0.00234EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/14 6:44 a.m.55 views

CVE-2026-5395 Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS0.00234EPSS
Exploits0References2
cve
cve
added 2026/05/14 6:44 a.m.31 views

CVE-2026-5395

The Fluent Forms plugin for WordPress (Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder) is affected by CVE-2026-5395, with vulnerable versions all the way through 6.2.0. The root cause is an Insecure Direct Object Reference in the exportEntries function caus...

8.2CVSS5.9AI score0.00234EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/14 6:44 a.m.7 views

CVE-2026-5395 Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.9AI score0.00234EPSS
Exploits0References2
euvd
euvd
added 2026/05/14 6:44 a.m.34 views

EUVD-2026-30250

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.9AI score0.00234EPSS
Exploits0References2
nvd
nvd
added 2026/05/14 6:16 a.m.33 views

CVE-2026-5396

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS0.00218EPSS
Exploits0References2
euvd
euvd
added 2026/05/14 5:30 a.m.19 views

EUVD-2026-30232

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/14 5:30 a.m.60 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS0.00218EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/14 5:30 a.m.8 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/14 5:30 a.m.9 views

CVE-2026-5396

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References3
cve
cve
added 2026/05/14 5:30 a.m.17 views

CVE-2026-5396

The CVE-2026-5396 case concerns the Fluent Forms WordPress plugin (all versions up to 6.1.21). The underlying issue is in the SubmissionPolicy logic, which authenticates submission-level actions based on a user-supplied form_id parameter. This allows authenticated attackers who have Fluent Forms ...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/14 12:0 a.m.13 views

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.2CVSS5.8AI score0.00234EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/14 12:0 a.m.21 views

PT-2026-40870

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied form id que...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/14 12:0 a.m.15 views

PT-2026-40887

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.9AI score0.00234EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/14 12:0 a.m.9 views

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References1
nvd
nvd
added 2026/05/13 5:16 a.m.13 views

CVE-2026-6828

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

6.4CVSS0.00201EPSS
Exploits0References6
euvd
euvd
added 2026/05/13 4:26 a.m.22 views

EUVD-2026-29897

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

6.4CVSS6AI score0.00201EPSS
Exploits0References6
cvelist
cvelist
added 2026/05/13 4:26 a.m.61 views

CVE-2026-6828 Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

6.4CVSS0.00201EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/05/13 4:26 a.m.8 views

CVE-2026-6828

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

6.4CVSS6AI score0.00201EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/05/13 4:26 a.m.8 views

CVE-2026-6828 Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

6.4CVSS6AI score0.00201EPSS
Exploits0References6
Rows per page
Query Builder