Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High0
Medium4
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2026-04-15

CVE-2026-0996 - Fluent Forms Plugin

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows Subscriber-level users to trigger AI form generation via a protected endpoint. When prompted, AI services will typically return bare JavaScript code (without tags), which bypasses the plugin's sanitization. This stored JavaScript executes whenever anyone views the generated form, making it possible for authenticated attackers with Subscriber-level…

PLUGIN Fluent Forms

CVE-2026-0996

MEDIUM CVSS 6.4 2026-02-10
Open Full Technical Breakdown
Threat Entry Updated 2025-04-17

CVE-2025-3615 - Fluent Forms Plugin

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Fluent Forms

CVE-2025-3615

MEDIUM CVSS 6.4 2025-04-17
Open Full Technical Breakdown
Threat Entry Updated 2025-05-06

CVE-2024-9651 - Fluent Forms Plugin

The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

PLUGIN Fluent Forms

CVE-2024-9651

MEDIUM CVSS 6.1 2024-12-09
Open Full Technical Breakdown
Threat Entry Updated 2025-04-04

CVE-2023-6957 - Fluent Forms Plugin

The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.

PLUGIN Fluent Forms

CVE-2023-6957

MEDIUM CVSS 4.9 2024-03-13
Open Full Technical Breakdown
Scroll to top