CVE-2026-0996 in Fluent Forms Plugin

Summary

by MITRE • 02/10/2026

The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows Subscriber-level users to trigger AI form generation via a protected endpoint. When prompted, AI services will typically return bare JavaScript code (without <script> tags), which bypasses the plugin's sanitization. This stored JavaScript executes whenever anyone views the generated form, making it possible for authenticated attackers with Subscriber-level access and above to inject arbitrary web scripts that will execute in the context of any user accessing the form.


Analysis

by VulDB Data Team • 02/10/2026

The vulnerability identified as CVE-2026-0996 resides in the Fluent Forms plugin for WordPress and affects all versions up to and including 6.1.14. It is a stored cross-site scripting flaw that arises from several weaknesses working in concert. The AI Form Builder module exposes a form-generation endpoint that lacks an effective capability check. The only gate in front of it is a nonce, and because that nonce is leaked to low-privileged users, the request-forgery protection it provides gives no authorization value: any authenticated user, down to the Subscriber role, can call the endpoint. The content returned by the AI service is then stored after sanitization that is not sufficient for the context in which it is later rendered. The result is that a Subscriber can drive a feature intended for administrators and, through it, plant script in a form that other users will load.

Exploitation chains the authorization bypass with the sanitization failure to obtain a persistent XSS vector. A Subscriber-level user triggers AI form generation with a prompt of their choosing; the plugin accepts the AI service's response without filtering it for the context it will be rendered in. AI services asked for form logic commonly return bare JavaScript with no enclosing <script> tags. A sanitizer that looks for script elements therefore finds nothing to strip, and the code is stored verbatim in the form definition. Whenever the generated form is rendered, that stored JavaScript runs in the browser of the viewer, whatever their privilege level. The weakness maps to CWE-79 (Improper Neutralization of Input During Web Page Generation) and is a textbook stored XSS: attacker-influenced content is persisted server-side and executed on every subsequent view.
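The following is an added illustration of the bypass pattern described above; it is not Fluent Forms code and does not reproduce the plugin's actual sanitizer or templates. It assumes (hypothetically) a sanitizer that only strips <script> elements and a renderer that interpolates the stored text straight into an inline script, then shows the context-aware alternative. The AI responses are constructed sample strings, and `globalThis.pwned` stands in for the side effect a real payload would have.

```javascript
// Added example: models why a tag-based filter cannot stop bare JavaScript that
// is later written into a script context. Not the plugin's own code.

// Constructed sample responses. The first is what a tag-stripping filter expects;
// the second is the kind of bare code an AI service returns when asked for form logic.
const TAGGED_RESPONSE = "<script>globalThis.pwned = true;</script>";
const AI_RESPONSE = "globalThis.pwned = true; // a real payload would read document.cookie";

// Hypothetical sanitizer: removes <script> elements and nothing else.
function stripScriptTags(input) {
  return input.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
}

// Hypothetical vulnerable renderer: stored text becomes statements in the page's script.
function renderFormUnsafe(storedLogic) {
  return "<script>\n" + storedLogic + "\n</script>";
}

// Hardened rendering: treat the stored text as data, never as code. JSON-encode it
// and additionally escape "</script" and the U+2028/U+2029 line terminators so the
// browser's HTML parser cannot close the element early and the JS parser sees one
// string literal.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/<\/script/gi, "<\\/script")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function renderFormSafe(storedLogic) {
  return "<script>\nvar fluentFormLogic = " + jsonForScript(storedLogic) + ";\n</script>";
}

// Stand-in for a browser executing the first inline script in the page.
// Returns true if the payload's side effect fired.
function simulateBrowser(html) {
  globalThis.pwned = false;
  const m = html.match(/<script>([\s\S]*?)<\/script>/);
  if (m) new Function(m[1])();
  return globalThis.pwned === true;
}

function demo() {
  const stored = stripScriptTags(AI_RESPONSE); // survives untouched: no tags to strip
  return {
    taggedPayloadStripped: stripScriptTags(TAGGED_RESPONSE) === "",
    barePayloadSurvives: stored === AI_RESPONSE,
    unsafeRenderExecutes: simulateBrowser(renderFormUnsafe(stored)),
    safeRenderExecutes: simulateBrowser(renderFormSafe(stored)),
  };
}

console.log(demo());
```

The point is that the filter is not wrong about what it strips; it is applied to the wrong question. Output encoding has to match the sink: text that ends up inside a script element needs JSON encoding plus the `</script` escape, text in an attribute needs attribute encoding, and AI-generated "logic" should never be interpolated as code at all.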

The operational impact of CVE-2026-0996 goes well beyond a defaced form. Any authenticated user with Subscriber privileges can inject script that executes in other users' browsers, including those of administrators who open the form. That opens the way to session hijacking, theft of credentials and nonces, and forged administrative actions performed with the victim's session, which can lead to full compromise of the WordPress installation. The flaw is attractive to attackers because the entry requirement is low: on sites that allow open registration, a Subscriber account costs nothing. The stored payload also outlives the bug itself. Updating the plugin stops new injections but does not remove script that has already been saved into existing forms, so affected forms have to be identified and cleaned (or deleted) as part of remediation.

Mitigation for CVE-2026-0996 starts with updating Fluent Forms to a release later than 6.1.14, in which the endpoint enforces a proper capability check and AI-generated content is handled as data rather than code. Until the update is applied, restrict or disable the AI Form Builder module where the plugin allows it, and review whether Subscriber self-registration is needed at all. After updating, audit all forms created through the AI builder, and any form whose stored definition contains script-like content, and remove anything suspicious. A web application firewall can be used to block requests to the form-generation endpoint from non-administrative sessions, and logging of form-generation requests should be reviewed for calls originating from low-privileged accounts. More generally, the case shows that a nonce is a request-forgery control, not an authorization control, and that every sensitive endpoint needs a capability check regardless of the nonce; it also shows that output encoding has to be chosen for the sink where the content is rendered, since a filter that removes script tags says nothing about bare code dropped into a script context. Least-privilege settings for user roles and an automated patch process for third-party plugins limit both the blast radius and the exposure window for flaws of this kind.

Disclosure

02/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00017

KEV

no

Activities

very low

Sources
