Pyrobd

**Name of the Vulnerable Software and Affected Versions** Fluent Forms plugin for WordPress versions prior to 6.1.15 **Description** The Fluent Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting through the AI Form Builder module. This occurs because of missing authorization checks, a leaked nonce, and inadequate input sanitization. Subscriber-level users can initiate AI form generation through a protected endpoint. AI services may return JavaScript code without script tags, bypassing the plugin’s sanitization measures. This allows attackers with Subscriber-level access or higher to inject arbitrary web scripts that execute when anyone views the generated form. The `AI Form Builder` module is the component affected. **Recommendations** Update the Fluent Forms plugin to version 6.1.15 or later.