IP Address Spoofing Vulnerability in Fluent Forms by WordPress
CVE-2024-13666
5.3 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 22 March 2025
What is CVE-2024-13666?
The Fluent Forms plugin for WordPress, a tool used for creating customizable contact forms and surveys, is susceptible to IP Address Spoofing. This vulnerability arises from inadequate validation of IP addresses and reliance on user-supplied HTTP headers for IP retrieval. As a result, unauthenticated attackers can impersonate legitimate IP addresses and exploit IP-based restrictions, potentially allowing them to submit malicious forms undetected. It's critical for site administrators using Fluent Forms to take immediate action by updating to the latest version to safeguard against this threat.
Affected Version(s)
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder * <= 5.2.12
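The header-trust flaw described above, shown as an added PHP example (not Fluent Forms code): a resolver that takes the client IP straight from a request header, beside one that honours a forwarding header only when the TCP peer is a known reverse proxy. X-Forwarded-For stands in as a representative header, since the page does not name which headers the plugin reads; the function names, the TRUSTED_PROXIES list and the sample requests are constructed assumptions.

```php
<?php
// Added example. TRUSTED_PROXIES is an assumed, site-specific list of reverse
// proxies allowed to set X-Forwarded-For (constructed sample values).
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// Weak pattern: the header is sent by the client, so the result is client-chosen.
function client_ip_naive(array $server): string
{
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'] ?? '';
}

// Hardened pattern: start from the TCP peer address and read the header only
// when that peer is a trusted proxy, walking it from the nearest hop outwards.
function client_ip_hardened(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return ''; // no usable peer address: let the caller reject the request
    }
    if (!in_array($peer, $trusted, true)) {
        return $peer; // direct connection: ignore every forwarding header
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: keep the last validated address
        }
        $peer = $hop;
        if (!in_array($hop, $trusted, true)) {
            break; // first untrusted hop is the client as our proxies saw it
        }
    }
    return $peer;
}

// Constructed sample requests, using documentation address ranges.
$direct = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5',
            'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.7'];

foreach (['direct' => $direct, 'proxied' => $proxied] as $label => $request) {
    printf("%-8s naive=%-24s hardened=%s\n", $label,
        client_ip_naive($request), client_ip_hardened($request));
}
```

The trusted list is compared as exact strings, so each proxy address has to be listed in the same textual form the web server reports in REMOTE_ADDR.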