FluentForm
Shahjahan Jewel
Developer
6.1.21
Latest version
700,000
Installations
No date
Last updated
Vulnerability history
0 present
28 patched
8 Mitigation rules
- Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields vulnerability<= 5.1.1918/02/2026
- Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module vulnerability<= 6.1.1410/02/2026
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 5.1.1902/02/2026
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 5.1.1902/02/2026
- Broken Access Control vulnerability<= 6.1.1425/01/2026
- Arbitrary Shortcode Execution vulnerability<= 6.1.1113/01/2026
- Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Creation via AI Builder vulnerability<= 6.1.706/01/2026
- Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id vulnerability<= 6.1.708/12/2025
- Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read5.1.16-6.1.102/09/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 6.0.217/04/2025
- IP-Spoofing vulnerability<= 5.2.1221/03/2025
- Unauthenticated Stored Cross-Site Scripting via Form Subject vulnerability<= 5.2.613/12/2024
- Admin+ Stored XSS vulnerability< 5.2.109/12/2024
- Authenticated (Form Manager+) Stored Cross-Site Scripting vulnerability<= 5.1.1907/10/2024
- Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification vulnerability<= 5.1.1803/09/2024
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 5.1.1929/07/2024
- PHP Object Injection vulnerability<= 5.1.1523/05/2024
- Missing Authorization to Settings Update and Limited Privilege Escalation vulnerability<= 5.1.1620/05/2024
- Missing Authorization to Setting Manipulation vulnerability<= 5.1.1620/05/2024
- Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability<= 5.1.1320/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.1.1620/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.1.906/03/2024
- Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title vulnerability<= 5.1.519/01/2024
- Broken Access Control vulnerability<= 5.0.811/09/2023
- SQL Injection vulnerability<= 4.3.2512/07/2023
- Contributor+ Stored XSS via Custom HTML Form Field vulnerability< 4.3.2511/04/2023
- CSV Injection vulnerability<= 4.3.1217/10/2022
- Cross-Site Request Forgery (CSRF) vulnerability leading to stored Cross-Site Scripting (XSS)<= 3.6.6516/06/2021