PT-2026-7108 · WordPress · Fluent Forms+1
Andrea Bocchetti
·
Published
2026-02-09
·
Updated
2026-02-09
·
CVE-2026-0632
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Fluent Forms Pro Add On Pack versions prior to 6.1.13
Description
The Fluent Forms Pro Add On Pack plugin for WordPress is susceptible to a Server-Side Request Forgery issue. This allows authenticated attackers with Subscriber-level access or higher to make web requests to arbitrary locations from the web application. Exploitation can enable querying and modification of information from internal services via the
saveDataSource function.Recommendations
Update Fluent Forms Pro Add On Pack to version 6.1.13 or later.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fluent Forms
Fluent Forms Pro Add On Pack