Lucene search
K

818 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.8 views

CVE-2026-4160

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submissionid' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validatio...

5.3CVSS5.5AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5396

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.5AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5395

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.6AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 1:47 p.m.16 views

CLEANSTART-2026-VZ08395 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27141, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.0-r3, 3.6.0-r4

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits2References25
OSV
OSV
added 2026/05/18 1:47 p.m.10 views

CLEANSTART-2026-KF86214 Security fixes for CVE-2025-61730, CVE-2025-61732, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-39883 applied in versions: 3.4.0-r7, 3.4.0-r8

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

8.8CVSS7.1AI score0.00621EPSS
Exploits1References23
Patchstack
Patchstack
added 2026/05/14 10:2 a.m.11 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin FluentForm versions = 6.2.0...

8.2CVSS5.8AI score0.00234EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:1 a.m.13 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin FluentForm versions = 6.1.21...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/14 7:16 a.m.35 views

CVE-2026-5395

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS0.00234EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:44 a.m.54 views

CVE-2026-5395 Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS0.00234EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 6:44 a.m.6 views

CVE-2026-5395 Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.9AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 6:44 a.m.30 views

CVE-2026-5395

The Fluent Forms plugin for WordPress (Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder) is affected by CVE-2026-5395, with vulnerable versions all the way through 6.2.0. The root cause is an Insecure Direct Object Reference in the exportEntries function caus...

8.2CVSS5.9AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 6:44 a.m.34 views

EUVD-2026-30250

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...

8.2CVSS5.9AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 6:16 a.m.32 views

CVE-2026-5396

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS0.00218EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 5:30 a.m.19 views

EUVD-2026-30232

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 5:30 a.m.59 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS0.00218EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 5:30 a.m.8 views

CVE-2026-5396 Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 5:30 a.m.15 views

CVE-2026-5396

The CVE-2026-5396 case concerns the Fluent Forms WordPress plugin (all versions up to 6.1.21). The underlying issue is in the SubmissionPolicy logic, which authenticates submission-level actions based on a user-supplied form_id parameter. This allows authenticated attackers who have Fluent Forms ...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:30 a.m.7 views

CVE-2026-5396

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied formid quer...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.8 views

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40870

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions read, modify, delete, add notes based on a user-supplied form id que...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References3
Rows per page
Query Builder