| CVE-2026-4160 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 5.3 | 2026-04-16 13:27:09 | Deep Dive |
| CVE-2026-2231 | Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters | techjewel | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | High | 7.2 | 2026-03-26 13:26:06 | Deep Dive |
| CVE-2026-2899 | Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | techjewel | Fluent Forms Pro Add On Pack | Medium | 6.5 | 2026-03-05 03:23:41 | Deep Dive |
| CVE-2026-2365 | Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission | techjewel | Fluent Forms Pro Add On Pack | High | 7.2 | 2026-03-05 03:23:41 | Deep Dive |
| CVE-2026-2428 | Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification | techjewel | Fluent Forms Pro Add On Pack | High | 7.5 | 2026-02-27 03:23:19 | Deep Dive |
| CVE-2025-12845 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation | essekia | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | High | 8.8 | 2026-02-19 03:25:18 | Deep Dive |
| CVE-2026-0996 | Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.4 | 2026-02-10 05:29:42 | Deep Dive |
| CVE-2026-0632 | Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' | techjewel | Fluent Forms Pro Add On Pack | Medium | 5.4 | 2026-02-09 11:22:36 | Deep Dive |
| CVE-2025-67926 | WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability | Shahjahan Jewel | Fluent Support | Medium | 6.5 | 2026-01-08 09:17:48 | Deep Dive |
| CVE-2025-13722 | Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 5.3 | 2026-01-07 09:21:06 | Deep Dive |
| CVE-2025-67597 | WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability | Shahjahan Jewel | Fluent Booking | Medium | 4.3 | 2025-12-09 14:14:19 | Deep Dive |
| CVE-2025-13748 | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 5.3 | 2025-12-06 06:39:09 | Deep Dive |
| CVE-2025-13756 | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management | techjewel | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | Medium | 4.3 | 2025-12-03 13:52:45 | Deep Dive |
| CVE-2025-12978 | CVE-2025-12978 | FluentBit | Fluent Bit | - | - | 2025-11-24 14:42:06 | Deep Dive |
| CVE-2025-12969 | CVE-2025-12969 | FluentBit | Fluent Bit | - | - | 2025-11-24 14:41:06 | Deep Dive |
| CVE-2025-12972 | CVE-2025-12972 | FluentBit | Fluent Bit | - | - | 2025-11-24 14:40:36 | Deep Dive |
| CVE-2025-12977 | CVE-2025-12977 | FluentBit | Fluent Bit | - | - | 2025-11-24 14:40:13 | Deep Dive |
| CVE-2025-12970 | CVE-2025-12970 | FluentBit | Fluent Bit | - | - | 2025-11-24 14:39:53 | Deep Dive |
| CVE-2025-11499 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload | essekia | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | Critical | 9.8 | 2025-11-01 06:40:37 | Deep Dive |
| CVE-2025-9260 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 6.5 | 2025-09-02 23:22:46 | Deep Dive |