PT-2026-23129 · WordPress · Fluent Forms Pro
Prickly Cactus · Published 2026-03-05 · Updated 2026-03-08 · CVE-2026-2365
CVSS v3.1: 7.2 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Fluent Forms Pro versions up to and including 6.1.17
Description
The Fluent Forms Pro plugin for WordPress is susceptible to Stored Cross-Site Scripting through the fluentform step form save data AJAX action. The draft form submission endpoint is publicly accessible without authentication or nonce verification. Insufficient input sanitization and output escaping of form field data allow unauthenticated attackers to inject arbitrary web scripts. These scripts execute when an administrator views a partial form entry.
Recommendations
Fluent Forms Pro versions prior to 6.1.17 should be updated.
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Fluent Forms Pro