WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin FluentForm versions = 6.2.1...

CVE-2025-69001

CVE-2025-69001 affects the WordPress plugin FluentForm (FluentForm/fluentform) up to version 6.1.11. The issue is an Improper Control of Generation of Code (Code Injection) that enables Arbitrary Shortcode Execution. Public sources (NVD/Red Hat/ CVE records) confirm the vulnerability and indicate...

WordPress Fluent Forms plugin <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin FluentForm versions = 6.0.2...

WordPress plugin FluentForm 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6520 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8737e12493c8 Credits Joel Indra Yoel Indra...

CVE-2024-6518 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via input fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...

WordPress FluentForm plugin <= 5.1.15 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin FluentForm versions = 5.1.15...

WordPress FluentForm plugin <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation vulnerability

Missing Authorization to Settings Update and Limited Privilege Escalation vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin FluentForm versions = 5.1.16...

WordPress FluentForm Plugin <= 5.1.16 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.16 Fixed in 5.1.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4709 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a184173f5e7 Credits Tobias Weißhaar kun19...

WordPress FluentForm Plugin <= 5.1.13 is vulnerable to Cross Site Scripting (XSS)

Software FluentForm Type Plugin Vulnerable versions = 5.1.13 Fixed in 5.1.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2772 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a989dc4961e7 Credits Tobias Weißhaar kun19...

CVE-2023-24410 WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin –...

CVE-2023-24410 WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin –...

FluentForm < 4.3.13 - CSV Injection

The plugin does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection PoC - As unauthenticated, submit a form using =5+5 as value in any field - As admin, export the data as CSV /wp-admin/admin.php?page=fluentformsid=1=entries - open the CSV with a...