
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder — Vulnerabilities & Security Advisories (25)

All 25 CVE vulnerabilities found in Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of security vulnerabilities associated with Fluent Forms, specifically categorized under customizable contact forms, surveys, quizzes, and conversational form builder platforms. It focuses on weakness types such as cross-site scripting, insecure direct object references, and improper access control mechanisms that may arise within the product’s configuration or usage scenarios. The content collects data on known security flaws and misconfigurations affecting this WordPress plugin, covering vulnerability disclosures and advisories from early 2020 through the present. This time range captures the evolution of the product’s security posture, including patches for legacy versions and emerging threats related to its dynamic form generation capabilities. Visitors can use this resource to track vendor advisories and monitor how Fluent Forms addresses specific weakness classes over time. It allows users to look up the vulnerability history of the product to assess long-term stability and security practices. By reviewing the aggregated data, developers and administrators can understand the context of reported issues, identify recurring patterns in security flaws, and make informed decisions about patching and configuration hardening. This structured view helps in evaluating the overall risk profile of the software without relying on fragmented information sources.

Vendor: techjewel

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5395 | Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter | CWE-639 | 8.2 | High | 2026-05-14 |
| CVE-2026-5396 | Fluent Forms <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass via 'form_id' Parameter | CWE-639 | 8.2 | High | 2026-05-14 |
| CVE-2026-6828 | Fluent Forms <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'permission_message' Shortcode Attribute | CWE-79 | 6.4 | Medium | 2026-05-13 |
| CVE-2026-6344 | Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment | CWE-22 | 4.9 | Medium | 2026-05-06 |
| CVE-2026-4160 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification | CWE-639 | 5.3 | Medium | 2026-04-16 |
| CVE-2026-0996 | Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module | CWE-79 | 6.4 | Medium | 2026-02-10 |
| CVE-2025-13722 | Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder | CWE-862 | 5.3 | Medium | 2026-01-07 |
| CVE-2025-13748 | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id | CWE-639 | 5.3 | Medium | 2025-12-06 |
| CVE-2025-9260 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read | CWE-502 | 6.5 | Medium | 2025-09-02 |
| CVE-2025-3615 | Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2025-04-17 |
| CVE-2024-13666 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing | CWE-20 | 5.3 | Medium | 2025-03-22 |
| CVE-2024-10646 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject | CWE-79 | 7.2 | High | 2024-12-14 |
| CVE-2024-9528 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting | CWE-79 | 4.9 | Medium | 2024-10-05 |
| CVE-2024-5053 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification | CWE-285 | 4.2 | Medium | 2024-09-01 |
| CVE-2024-6703 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields | CWE-79 | 4.9 | Medium | 2024-07-27 |
| CVE-2024-6518 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | CWE-79 | 4.4 | Medium | 2024-07-27 |
| CVE-2024-6520 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | CWE-79 | 4.4 | Medium | 2024-07-27 |
| CVE-2024-6521 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting | CWE-79 | 4.4 | Medium | 2024-07-27 |
| CVE-2024-4157 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues | CWE-502 | 7.5 | High | 2024-05-22 |
| CVE-2024-4709 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2024-05-18 |
| CVE-2024-2772 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2024-05-18 |
| CVE-2024-2782 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation | CWE-862 | 7.5 | High | 2024-05-18 |
| CVE-2024-2771 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation | CWE-862 | 9.8 | Critical | 2024-05-18 |
| CVE-2023-6957 | Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 4.9 | Medium | 2024-03-13 |
| CVE-2024-0618 | Fluent Forms <= 5.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via imported form title | CWE-79 | 4.4 | Medium | 2024-01-27 |

All 25 known CVE vulnerabilities affecting Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder with full Chinese analysis, references, and POCs where available.