EUVD-2024-27715

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

CVE-2024-2771

CVE-2024-2771 affects the Contact Form Plugin by Fluent Forms for WordPress. The issue is an unauthenticated privilege-escalation caused by a missing capability check on the REST endpoint /wp-json/fluentform/v1/managers. Vulnerable in all versions up to 5.1.16, allowing an unauthenticated attacke...

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-22058

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.16 Description: The issue is related to a missing capability check on the...

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-22001

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.16 Description: The issue is related to a missing capability check on the...

PT-2024-32404 · Fluent Forms · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.16 Description: The issue is related to Stored Cross-Site Scripting via the subject parameter du...

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-22010 · WordPress · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.13 Description: The issue is related to Stored Cross-Site Scripting via form settings due to...

CVE-2024-35174

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42...

CVE-2024-35174 WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42...

CVE-2024-35174 WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42...

CVE-2024-35174

CVE-2024-35174 is a Missing Authorization vulnerability in the Flo Forms plugin for WordPress, affecting Flo Forms versions up to 1.0.42. The root cause, per sources, is broken access control that permits unauthorized access to Flo Forms data; exploitation details are not provided in the document...

CVE-2024-23522

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7...

CVE-2024-23522

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7...

CVE-2024-23522

CVE-2024-23522 affects WordPress Formidable Forms plugin versions

CVE-2024-23522 WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7...

CVE-2024-23522 WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7...

PT-2024-19924 · Unknown · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms versions through 6.7 Description: The issue is related to an Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS, allowing Code Injection in Formidable Forms. Recommendations: For versio...