8 matches found
CVE-2026-25313
CVE-2026-25313 relates to the WordPress FluentForm plugin (versions up to 6.1.14). The Red Hat/NVD entries describe a Missing Authorization vulnerability in FluentForm that allows exploitation through incorrectly configured access control security levels. The CVSS 3.1 metrics indicate a network a...
CVE-2026-25313 WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through = 6.1.14...
WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin FluentForm versions = 6.1.14...
CVE-2025-69001 WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...
WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)
Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6520 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8737e12493c8 Credits Joel Indra Yoel Indra...
WordPress FluentForm Plugin <= 5.1.16 is vulnerable to Cross Site Scripting (XSS)
Software FluentForm Type Plugin Vulnerable versions = 5.1.16 Fixed in 5.1.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4709 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a184173f5e7 Credits Tobias Weißhaar kun19...
CVE-2023-24410 WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin –...
WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection
Software FluentForm Type Plugin Vulnerable versions = 4.3.25 Fixed in 5.0.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-24410 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 40a669c23487 Credits Ravi Dharmawan Required privilege Administrator...