Vulnerabilities > Fluentforms

DATE CVE VULNERABILITY TITLE RISK
2024-01-27 CVE-2024-0618 Cross-site Scripting vulnerability in Fluentforms Contact Form
The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping.
network
low complexity
fluentforms CWE-79
4.8
2023-10-31 CVE-2023-24410 SQL Injection vulnerability in Fluentforms Contact Form
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.
network
low complexity
fluentforms CWE-89
critical
9.8
2023-04-10 CVE-2023-0546 Unspecified vulnerability in Fluentforms Contact Form
The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the form.
network
low complexity
fluentforms
5.4
2022-11-07 CVE-2022-3463 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fluentforms Contact Form
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection
network
low complexity
fluentforms CWE-1236
critical
9.8
2021-07-07 CVE-2021-34620 Cross-Site Request Forgery (CSRF) vulnerability in Fluentforms Contact Form
The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions
network
low complexity
fluentforms CWE-352
8.8