CVE-2024-13666

Name of the Vulnerable Software and Affected Versions Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress versions up to, and including, 5.2.12

Description The issue is related to insufficient IP address validation and the use of user-supplied HTTP headers as a primary method for IP retrieval. This allows unauthenticated attackers to spoof their IP address and submit forms that may have IP-based restrictions.

Recommendations For versions up to, and including, 5.2.12, update to a version that addresses the IP address validation issue to prevent spoofing. As a temporary workaround, consider restricting access to forms with IP-based restrictions until a patch is available.