PT-2026-7108 · WordPress · Fluent Forms+1
Andrea Bocchetti
·
Publicado
2026-02-09
·
Atualizado
2026-02-09
·
CVE-2026-0632
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Fluent Forms Pro Add On Pack versions prior to 6.1.13
Description
The Fluent Forms Pro Add On Pack plugin for WordPress is susceptible to a Server-Side Request Forgery issue. This allows authenticated attackers with Subscriber-level access or higher to make web requests to arbitrary locations from the web application. Exploitation can enable querying and modification of information from internal services via the
saveDataSource function.Recommendations
Update Fluent Forms Pro Add On Pack to version 6.1.13 or later.
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fluent Forms
Fluent Forms Pro Add On Pack