VYPR

Fluentform

by WordPress

Source repositories

CVEs (11)

  • CVE-2026-5396HigMay 14, 2026
    risk 0.53cvss 8.2epss 0.00

    The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authorizing submission-level actions (read, modify, delete, add notes) based on a…

  • CVE-2026-5395HigMay 14, 2026
    risk 0.46cvss 8.2epss 0.00

    The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user…

  • CVE-2025-9260MedSep 3, 2025
    risk 0.42cvss 6.5epss 0.01

    The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. This makes it possible…

  • CVE-2025-3615MedApr 17, 2025
    risk 0.35cvss 6.4epss 0.00

    The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2025-69001MedJan 22, 2026
    risk 0.34cvss 5.3epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through <= 6.1.11.

  • CVE-2023-41952MedDec 13, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8.

  • CVE-2026-4160MedApr 16, 2026
    risk 0.27cvss 5.3epss 0.00

    The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in versions up to, and including, 6.1.21. This is due to missing authorization…

  • CVE-2025-13722MedJan 7, 2026
    risk 0.27cvss 5.3epss 0.00

    The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform_ai_create_form` AJAX…

  • CVE-2025-13748MedDec 6, 2025
    risk 0.27cvss 5.3epss 0.00

    The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.1.7 via the 'submission_id' parameter due to missing validation on a user…

  • CVE-2024-13666MedMar 22, 2025
    risk 0.27cvss 5.3epss 0.00

    The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.12 due to insufficient IP address validation and use of user-supplied HTTP headers as…

  • CVE-2026-25313MedFeb 19, 2026
    risk 0.21cvss 4.3epss 0.00

    Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.