Server-Side Request Forgery in Fluent Forms Pro Add On Pack Plugin for WordPress
CVE-2026-0632
5.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 9 February 2026
What is CVE-2026-0632?
The Fluent Forms Pro Add On Pack plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) vulnerabilities. This flaw allows authenticated users with Subscriber-level access and higher to exploit the 'saveDataSource' function. Attackers can manipulate the web application to send requests to arbitrary locations, potentially exposing sensitive data or services within internal networks.
Affected Version(s)
Fluent Forms Pro Add On Pack 0 <= 6.1.12