| CVE-2026-4160 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-639 | 5.3 | Medium | 2026-04-16 |
| CVE-2026-2231 | Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters — Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar SolutionCWE-79 | 7.2 | High | 2026-03-26 |
| CVE-2026-2365 | Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission — Fluent Forms Pro Add On PackCWE-79 | 7.2 | High | 2026-03-05 |
| CVE-2026-2899 | Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion — Fluent Forms Pro Add On PackCWE-862 | 6.5 | Medium | 2026-03-05 |
| CVE-2026-2428 | Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification — Fluent Forms Pro Add On PackCWE-345 | 7.5 | High | 2026-02-27 |
| CVE-2026-0996 | Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 6.4 | Medium | 2026-02-10 |
| CVE-2026-0632 | Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource' — Fluent Forms Pro Add On PackCWE-918 | 5.4 | Medium | 2026-02-09 |
| CVE-2025-13722 | Fluent Forms <= 6.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-862 | 5.3 | Medium | 2026-01-07 |
| CVE-2025-13728 | FluentAuth - Auth Security Plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode — FluentAuth – The Ultimate Authorization & Security Plugin for WordPressCWE-79 | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13748 | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-639 | 5.3 | Medium | 2025-12-06 |
| CVE-2025-13756 | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management — Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar SolutionCWE-862 | 4.3 | Medium | 2025-12-03 |
| CVE-2025-12935 | FluentCRM - Marketing Automation For WordPress <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode — FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM SolutionCWE-79 | 6.4 | Medium | 2025-11-21 |
| CVE-2025-9260 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-502 | 6.5 | Medium | 2025-09-02 |
| CVE-2025-2940 | Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery — Ninja Tables – Easy Data Table BuilderCWE-918 | 7.2 | High | 2025-06-27 |
| CVE-2025-2939 | Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution — Ninja Tables – Easy Data Table BuilderCWE-502 | 5.6 | Medium | 2025-06-03 |
| CVE-2025-3615 | Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 6.4 | Medium | 2025-04-17 |
| CVE-2024-13666 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-20 | 5.3 | Medium | 2025-03-22 |
| CVE-2024-13568 | Fluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory — Fluent Support – Helpdesk & Customer Support Ticket SystemCWE-200 | 7.5 | High | 2025-03-01 |
| CVE-2024-10646 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 7.2 | High | 2024-12-14 |
| CVE-2024-9511 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection — FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP ProviderCWE-502 | 9.8 | Critical | 2024-11-23 |
| CVE-2024-9528 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Form Manager+) Stored Cross-Site Scripting — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 4.9 | Medium | 2024-10-05 |
| CVE-2024-5053 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-285 | 4.2 | Medium | 2024-09-01 |
| CVE-2024-7304 | Ninja Tables – Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Ninja Tables – Easy Data Table BuilderCWE-79 | 6.4 | Medium | 2024-08-27 |
| CVE-2024-6703 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 4.9 | Medium | 2024-07-27 |
| CVE-2024-6518 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 4.4 | Medium | 2024-07-27 |
| CVE-2024-6520 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 4.4 | Medium | 2024-07-27 |
| CVE-2024-6521 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 4.4 | Medium | 2024-07-27 |
| CVE-2024-4157 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-502 | 7.5 | High | 2024-05-22 |
| CVE-2024-4709 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 6.4 | Medium | 2024-05-18 |
| CVE-2024-2772 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form BuilderCWE-79 | 6.4 | Medium | 2024-05-18 |