CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

796 matches found

CVE-2026-6344

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...

4.9CVSS5.6AI score0.00414EPSS

Exploits0References1

RedhatCVE•added yesterday•1 views

CVE-2026-6828

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'permissionmessage' parameter in all versions up to, and including, 6.2.1 due to insufficient input sanitization and output escaping...

6.4CVSS5.7AI score0.0004EPSS

Exploits0References1

RedhatCVE•added yesterday•1 views

CVE-2026-4160

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submissionid' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validatio...

5.3CVSS5.5AI score0.00021EPSS

Exploits0References1

RedhatCVE•added yesterday•1 views

CVE-2026-5396

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.5AI score0.00039EPSS

Exploits0References1

RedhatCVE•added yesterday•2 views

CVE-2026-5395

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.6AI score0.00039EPSS

Exploits0References1

Nuclei•added 2 days ago•16 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation

The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's...

9.8CVSS5.8AI score0.21837EPSS

Exploits1References3

OSV•added 2026/05/18 1:47 p.m.•6 views

CLEANSTART-2026-KF86214 Security fixes for CVE-2025-61730, CVE-2025-61732, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-39883 applied in versions: 3.4.0-r7, 3.4.0-r8

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

8.6CVSS7.1AI score0.00022EPSS

Exploits1References23

OSV•added 2026/05/18 1:47 p.m.•7 views

CLEANSTART-2026-VZ08395 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27141, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.0-r3, 3.6.0-r4

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.00023EPSS

Exploits2References25

Patchstack•added 2026/05/14 10:2 a.m.•7 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin FluentForm versions = 6.2.0...

8.2CVSS5.8AI score0.00039EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/05/14 10:1 a.m.•6 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin FluentForm versions = 6.1.21...

8.2CVSS5.8AI score0.00039EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/14 7:16 a.m.•9 views

CVE-2026-5395

8.2CVSS0.00039EPSS

Exploits0References2

Vulnrichment•added 2026/05/14 6:44 a.m.•3 views

CVE-2026-5395 Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter

8.2CVSS5.9AI score0.00039EPSS

Exploits0References2

EUVD•added 2026/05/14 6:44 a.m.•3 views

EUVD-2026-30250

8.2CVSS5.9AI score0.00039EPSS

Exploits0References2

CVE•added 2026/05/14 6:44 a.m.•8 views

CVE-2026-5395

The Fluent Forms plugin for WordPress (Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder) is affected by CVE-2026-5395, with vulnerable versions all the way through 6.2.0. The root cause is an Insecure Direct Object Reference in the exportEntries function caus...

8.2CVSS5.9AI score0.00039EPSS

Exploits0References2