Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder — Vulnerabilities & Security Advisories 21

All 21 CVE vulnerabilities found in Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: techjewel

CVE IDTitleCVSSSeverityPublished
CVE-2026-4160 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification CWE-639 5.3 Medium2026-04-16
CVE-2026-0996 Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module CWE-79 6.4 Medium2026-02-10
CVE-2025-13722 Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder CWE-862 5.3 Medium2026-01-07
CVE-2025-13748 Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id CWE-639 5.3 Medium2025-12-06
CVE-2025-9260 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read CWE-502 6.5 Medium2025-09-02
CVE-2025-3615 Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-04-17
CVE-2024-13666 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing CWE-20 5.3 Medium2025-03-22
CVE-2024-10646 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject CWE-79 7.2 High2024-12-14
CVE-2024-9528 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting CWE-79 4.9 Medium2024-10-05
CVE-2024-5053 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification CWE-285 4.2 Medium2024-09-01
CVE-2024-6703 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields CWE-79 4.9 Medium2024-07-27
CVE-2024-6518 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting CWE-79 4.4 Medium2024-07-27
CVE-2024-6520 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting CWE-79 4.4 Medium2024-07-27
CVE-2024-6521 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting CWE-79 4.4 Medium2024-07-27
CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues CWE-502 7.5 High2024-05-22
CVE-2024-4709 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-18
CVE-2024-2772 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-05-18
CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation CWE-862 7.5 High2024-05-18
CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation CWE-862 9.8 Critical2024-05-18
CVE-2023-6957 Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 4.9 Medium2024-03-13
CVE-2024-0618 Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title CWE-79 4.4 Medium2024-01-27

All 21 known CVE vulnerabilities affecting Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder with full Chinese analysis, references, and POCs where available.