PT-2026-1605 · WordPress · Fluent Forms
Marcin Dudek
·
Publicado
2026-01-07
·
Atualizado
2026-01-07
·
CVE-2025-13722
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress versions through 6.1.7
Description
The Fluent Forms plugin for WordPress is affected by a missing authorization issue. Capability checks are absent on the
fluentform ai create form AJAX action, allowing authenticated attackers with Subscriber-level access or higher to create arbitrary forms through the AI builder.Recommendations
Update to a version beyond 6.1.7.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fluent Forms