FluentForm
Shahjahan Jewel
Developer
6.1.12
Latest version
600,000
Installations
No date
Last updated
Vulnerability history
0 present
21 fixed
7 Mitigation rules
- Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability<= 6.1.7Dec 8, 2025
- Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read5.1.16-6.1.1Sep 2, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 6.0.2Apr 17, 2025
- IP-Spoofing vulnerability<= 5.2.12Mar 21, 2025
- Unauthenticated Stored Cross-Site Scripting via Form Subject vulnerability<= 5.2.6Dec 13, 2024
- Admin+ Stored XSS vulnerability< 5.2.1Dec 9, 2024
- Authenticated (Form Manager+) Stored Cross-Site Scripting vulnerability<= 5.1.19Oct 7, 2024
- Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification vulnerability<= 5.1.18Sep 3, 2024
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 5.1.19Jul 29, 2024
- PHP Object Injection vulnerability<= 5.1.15May 23, 2024
- Missing Authorization to Settings Update and Limited Privilege Escalation vulnerability<= 5.1.16May 20, 2024
- Missing Authorization to Setting Manipulation vulnerability<= 5.1.16May 20, 2024
- Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability<= 5.1.13May 20, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.1.16May 20, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.1.9Mar 6, 2024
- Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title vulnerability<= 5.1.5Jan 19, 2024
- Broken Access Control vulnerability<= 5.0.8Sep 11, 2023
- SQL Injection vulnerability<= 4.3.25Jul 12, 2023
- Contributor+ Stored XSS via Custom HTML Form Field vulnerability< 4.3.25Apr 11, 2023
- CSV Injection vulnerability<= 4.3.12Oct 17, 2022
- Cross-Site Request Forgery (CSRF) vulnerability leading to stored Cross-Site Scripting (XSS)<= 3.6.65Jun 16, 2021