CVE-2026-2268 Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

CVE-2026-2268 Ninja Forms <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

CVE-2026-2268

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninjaformsmergetags filter to user-supplied input within repeater fields, which allows the resolution of postmeta:KEY mer...

WordPress Fluent Forms plugin <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via AI Form Builder Module vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin FluentForm versions = 6.1.14...

WordPress Ninja Forms plugin <= 3.14.0 - Unauthenticated Information Disclosure in nf_ajax_submit AJAX Action vulnerability

Unauthenticated Information Disclosure in nfajaxsubmit AJAX Action vulnerability discovered by johska in WordPress Plugin Ninja Forms versions = 3.14.0...

CVE-2026-0996

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

CVE-2026-0996

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

CVE-2026-0996

CVE-2026-0996 affects the WordPress plugin Fluent Forms (AI Form Builder module) up to version 6.1.14. The issue is a Stored Cross-Site Scripting vulnerability caused by missing authorization checks, a leaked nonce, and insufficient input sanitization, allowing Subscriber-level users to trigger A...

CVE-2026-0996 Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

CVE-2026-0996 Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

WordPress plugin Fluent Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Ninja Forms 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-7232

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows...

PT-2026-7248

The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of the ninja forms merge tags filter to user-supplied input within repeater fields, which allows the resolution of post meta:KEY...

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' vulnerability

Authenticated Subscriber+ Server-Side Request Forgery via 'saveDataSource' vulnerability discovered by andrea bocchetti in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.12...

CVE-2026-0632

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

CVE-2026-0632

CVE-2026-0632 affects the Fluent Forms Pro Add On Pack for WordPress. All versions up to and including 6.1.12 are vulnerable to Server-Side Request Forgery via the saveDataSource function. Authenticated users with Subscriber-level access or higher can cause the web application to make requests to...

CVE-2026-0632 Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

CVE-2026-0632

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...