CVE-2026-0996 Overview
CVE-2026-0996 is a Stored Cross-Site Scripting (XSS) vulnerability [CWE-79] in the Fluent Forms plugin for WordPress. The flaw affects all versions up to and including 6.1.14. It stems from a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization in the AI Form Builder module. Authenticated attackers with Subscriber-level access can trigger AI form generation through an endpoint that is meant to be restricted but lacks an adequate authorization check. The plugin's sanitization looks only for <script> tags, but AI services typically return bare JavaScript without them, so the output passes through unchanged. The injected script executes whenever any user views the generated form.
Critical Impact
Authenticated Subscriber-level attackers can store arbitrary JavaScript that executes in the browser of any user viewing the AI-generated form, including administrators.
Affected Products
- WordPress Fluent Forms plugin versions up to and including 6.1.14
- AI Form Builder module within Fluent Forms
- WordPress sites with Subscriber-level registration enabled
Discovery Timeline
- 2026-02-10 - CVE-2026-0996 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2026-0996
Vulnerability Analysis
The vulnerability resides in the AI Form Builder module of Fluent Forms, referenced in app/Modules/Ai/AiFormBuilder.php and the action hook registered in app/Hooks/actions.php. Three weaknesses combine to produce the stored XSS condition. First, the endpoint that triggers AI-driven form generation lacks proper authorization checks, allowing low-privileged Subscriber accounts to invoke it. Second, the nonce required to call this endpoint is leaked to authenticated users who should not have access. Third, the handler that processes the AI service's response sanitizes it on the assumption that any script arrives as well-formed <script> tags, but AI providers commonly return raw JavaScript without surrounding script tags. The generated form definition is then stored in the database. When any visitor or administrator later renders the form, the injected JavaScript executes in their browser context, potentially leading to session theft, privilege escalation, or further compromise.
Root Cause
The root cause is a layered control failure. The action hook registration in actions.php does not enforce a capability check appropriate for the AI Form Builder. The helper in boot/globals.php exposes the nonce to roles below manage_options. The sanitization routine inspects only well-formed <script> blocks, missing inline JavaScript expressions returned by language models.
Attack Vector
The attack requires network access and authenticated Subscriber-level privileges or higher. The attacker obtains the leaked nonce, calls the AI Form Builder endpoint with a crafted prompt instructing the AI to emit bare JavaScript, and the response is stored as part of the form definition. The payload triggers on any subsequent view of the form, producing a scope-changing impact reflected in the CVSS scope metric. Technical details for the affected code paths are available in the WordPress Fluent Form AI Builder source and the Wordfence Vulnerability Report.
Detection Methods for CVE-2026-0996
Indicators of Compromise
- Form definitions containing inline JavaScript such as onerror=, onload=, or unescaped function calls within field labels, descriptions, or default values
- Unexpected AI Form Builder invocations originating from Subscriber-level user IDs in WordPress request logs
- Outbound requests from site visitors to attacker-controlled domains immediately after rendering a Fluent Forms form
- Newly created forms authored by low-privileged accounts that should not have form-creation capabilities
Detection Strategies
- Audit the wp_fluentform_forms table for stored form payloads containing JavaScript event handlers or javascript: URIs
- Review WordPress access logs for POST requests to the Fluent Forms AI endpoint correlated with low-privilege session cookies
- Implement Content Security Policy reporting to surface inline script execution on pages rendering Fluent Forms
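To act on the indicators and the table audit listed above, here is an added example (not part of the advisory or of Fluent Forms) of a scanner over stored form definitions. It assumes the definition is the JSON in the form_fields column of wp_fluentform_forms and that each row also carries an id and a created_by column; the two sample rows below are constructed for the example, and the bare-JS pattern is a heuristic whose hits need manual review.

```php
<?php
/**
 * Added example, not part of the advisory or of Fluent Forms. Scans form
 * definitions for the indicators the advisory lists: inline event handlers,
 * javascript: URIs, <script> elements and bare DOM/JS calls inside labels,
 * descriptions or default values.
 * Assumptions: the definition is the JSON in the `form_fields` column of
 * wp_fluentform_forms; rows also expose `id` and `created_by`.
 * Run stand-alone with: php scan_forms.php
 */

declare(strict_types=1);

/** Regex per indicator; only string leaves of the definition are inspected. */
const FF_XSS_PATTERNS = [
    'inline_event_handler' => '/\bon[a-z]+\s*=/i',          // onerror=, onload=, ...
    'javascript_uri'       => '/javascript\s*:/i',
    'script_element'       => '/<\s*script\b/i',
    // Heuristic: bare calls into DOM globals; review hits by hand.
    'bare_js_call'         => '/\b(?:document|window|eval|fetch|XMLHttpRequest|location)\s*[.(]/i',
];

/** Recursively walk a decoded definition; returns one finding per pattern hit. */
function ff_scan_definition(array $definition, string $path = '$'): array
{
    $findings = [];
    foreach ($definition as $key => $value) {
        $here = $path . '.' . $key;
        if (is_array($value)) {
            $findings = array_merge($findings, ff_scan_definition($value, $here));
            continue;
        }
        if (!is_string($value)) {
            continue;
        }
        foreach (FF_XSS_PATTERNS as $indicator => $regex) {
            if (preg_match($regex, $value, $m, PREG_OFFSET_CAPTURE)) {
                $start = max(0, $m[0][1] - 20);           // short excerpt around the hit
                $findings[] = [
                    'path'      => $here,
                    'indicator' => $indicator,
                    'excerpt'   => substr($value, $start, 80),
                ];
            }
        }
    }
    return $findings;
}

/** Scan rows shaped like wp_fluentform_forms and tag findings with form id and author. */
function ff_scan_rows(array $rows): array
{
    $report = [];
    foreach ($rows as $row) {
        $decoded = json_decode($row['form_fields'], true);
        if (!is_array($decoded)) {
            $report[] = ['form_id' => $row['id'], 'error' => 'form_fields is not valid JSON'];
            continue;
        }
        foreach (ff_scan_definition($decoded) as $finding) {
            $report[] = ['form_id' => $row['id'], 'created_by' => $row['created_by']] + $finding;
        }
    }
    return $report;
}

// Constructed sample rows: a benign form and one carrying the kind of payload the
// advisory describes (an event handler in a label, a javascript: link in custom HTML).
$sample_rows = [
    [
        'id' => 1, 'created_by' => 1,
        'form_fields' => json_encode(['fields' => [
            ['element' => 'input_text', 'settings' => ['label' => 'Your name', 'placeholder' => 'Jane']],
        ]]),
    ],
    [
        'id' => 2, 'created_by' => 42,
        'form_fields' => json_encode(['fields' => [
            ['element' => 'input_text', 'settings' => [
                'label'             => 'Email <img src=x onerror="alert(document.domain)">',
                'admin_field_label' => 'Email',
            ]],
            ['element' => 'custom_html', 'settings' => ['html_codes' => '<a href="javascript:void(0)">x</a>']],
        ]]),
    ],
];

$report = ff_scan_rows($sample_rows);
foreach ($report as $finding) {
    echo json_encode($finding, JSON_UNESCAPED_SLASHES), PHP_EOL;
}
// Non-zero exit makes the script usable from cron or CI as a tripwire.
exit($report === [] ? 0 : 1);
```

Against the constructed rows the script reports nothing for form 1 and three findings for form 2 (the event handler and the document.domain call in the label, and the javascript: URI in the custom HTML), each tagged with created_by so low-privileged authors stand out, matching the "newly created forms authored by low-privileged accounts" indicator. Replace $sample_rows with rows exported from the live table to audit a real site.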
Monitoring Recommendations
- Monitor WordPress user role activity for Subscriber accounts performing administrative-like actions
- Alert on creation or modification of Fluent Forms entries by non-administrator users
- Track unusual outbound traffic patterns from browsers accessing pages hosting Fluent Forms
How to Mitigate CVE-2026-0996
Immediate Actions Required
- Update the Fluent Forms plugin to a version newer than 6.1.14 that includes the fix referenced in WordPress Fluent Form Changeset 3449710
- Audit all existing Fluent Forms form definitions for injected JavaScript and remove malicious content
- Review WordPress user accounts and remove unnecessary Subscriber-level registrations
- Rotate administrator session cookies and credentials if compromise is suspected
Patch Information
The vendor addressed the vulnerability by adding proper capability checks to the AI Form Builder action hook. Site administrators should upgrade to the latest Fluent Forms release. The relevant fix is recorded in the WordPress Fluent Form Changeset.
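Putting the Root Cause and Patch Information sections into code, here is an added example of what a hardened AI Form Builder hook looks like. It is not Fluent Forms' own code and is not the vendor's actual fix: the AJAX action name, the class and method names, the script handle and the nonce action are assumptions chosen for illustration. It assumes it runs inside WordPress (for example as a must-use plugin) and closes the three gaps the advisory describes: the missing capability check, the nonce exposed to lower roles, and the sanitizer that only recognised well-formed <script> blocks.

```php
<?php
/**
 * Added illustration, not Fluent Forms' own code and not the vendor's patch.
 * The AJAX action name, class, method names, script handle and nonce action
 * are assumptions; only the three control gaps it closes come from the advisory.
 * Runs inside WordPress, e.g. dropped into wp-content/mu-plugins/.
 */

namespace Example\AiFormBuilderHardening;

// The vulnerable shape the advisory describes: the action is registered for every
// logged-in user with no capability gate, and the nonce is printed for every
// authenticated role, so a Subscriber can collect it and call the endpoint.
//   add_action('wp_ajax_example_ai_generate_form', [$builder, 'generate']);

final class HardenedAiFormBuilder
{
    const NONCE_ACTION = 'example_ai_form_builder'; // assumption
    const CAPABILITY   = 'manage_options';          // the role boundary the advisory names

    public static function register(): void
    {
        // wp_ajax_ (not wp_ajax_nopriv_) already excludes anonymous callers;
        // the capability check inside handle() is what keeps Subscribers out.
        add_action('wp_ajax_example_ai_generate_form', [self::class, 'handle']);
        // Hand the nonce only to roles allowed to call the endpoint.
        add_action('admin_enqueue_scripts', [self::class, 'expose_nonce']);
    }

    public static function expose_nonce(): void
    {
        if (!current_user_can(self::CAPABILITY)) {
            return; // lower roles never receive the nonce, closing the leak
        }
        // 'example-ai-builder' is an assumed script handle registered elsewhere.
        wp_localize_script('example-ai-builder', 'exampleAiBuilder', [
            'nonce' => wp_create_nonce(self::NONCE_ACTION),
        ]);
    }

    public static function handle(): void
    {
        // Authorization first: a leaked or guessed nonce is useless without it.
        if (!current_user_can(self::CAPABILITY)) {
            wp_send_json_error(['message' => 'forbidden'], 403);
        }
        // Then CSRF protection; check_ajax_referer() ends the request on failure.
        check_ajax_referer(self::NONCE_ACTION, 'nonce');

        $prompt     = sanitize_text_field(wp_unslash($_POST['prompt'] ?? ''));
        $definition = self::call_ai_provider($prompt); // assumption: decoded JSON array
        $definition = self::sanitize_form_definition($definition);

        // ... persist $definition to the forms table (omitted) ...
        wp_send_json_success($definition);
    }

    /**
     * Allow-list every string the model returned. wp_kses_post() strips <script>
     * elements, on* event attributes and javascript: URLs alike, so it does not
     * rely on the output arriving as a well-formed <script> block, which is the
     * assumption the vulnerable sanitizer made.
     */
    public static function sanitize_form_definition(array $definition): array
    {
        array_walk_recursive($definition, static function (&$value): void {
            if (is_string($value)) {
                $value = wp_kses_post($value);
            }
        });
        return $definition;
    }

    private static function call_ai_provider(string $prompt): array
    {
        // Placeholder: the module's real provider client is not on the page.
        return [];
    }
}

HardenedAiFormBuilder::register();
```

The order inside handle() matters: the capability check runs before the nonce check, so even a nonce that has already leaked grants nothing to a Subscriber. Sanitizing on storage is one layer; the renderer should still escape field labels and descriptions with esc_html() or esc_attr() at output time so that a stored value which slipped past the allow-list cannot execute.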
Workarounds
- Disable open user registration in WordPress settings to prevent attackers from obtaining Subscriber accounts
- Deactivate the AI Form Builder module if it is not in use
- Apply a Web Application Firewall rule blocking POST requests to the AI Form Builder endpoint from non-administrator roles
- Enforce a strict Content Security Policy that disallows inline script execution on pages rendering forms
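The Content Security Policy appears twice on this page, as a detection strategy (violation reporting) and as a workaround (no inline script). The following added example, which is not from the advisory or from Fluent Forms, is a must-use plugin that does both: it sends a policy without 'unsafe-inline' on front-end pages and records the browser's violation reports through a REST route. The route name and log file location are assumptions, and the policy starts in report-only mode so the reports reveal which legitimate inline scripts the site depends on before anything is blocked.

```php
<?php
/**
 * Added example, not from the advisory or Fluent Forms. A mu-plugin that
 * sends a CSP on front-end pages and collects violation reports.
 * Assumptions: the REST route name and the log file location below.
 * Start with REPORT_ONLY = true; themes and plugins commonly rely on inline
 * scripts, and the reports show what would break before enforcement.
 */

namespace Example\FormCsp;

define('EXAMPLE_CSP_REPORT_ONLY', true);                     // flip to false once reports are clean
define('EXAMPLE_CSP_LOG_FILE', WP_CONTENT_DIR . '/csp-reports.log'); // assumption; move outside the web root in production

add_action('send_headers', function (): void {
    if (is_admin()) {
        return; // wp-admin relies heavily on inline scripts; scope the policy to the front end
    }
    $policy = implode('; ', [
        "default-src 'self'",
        // No 'unsafe-inline': inline <script> and on* handlers injected into a
        // form definition are blocked and reported. 'report-sample' includes
        // the first bytes of the blocked script in each report.
        "script-src 'self' 'report-sample'",
        "object-src 'none'",
        "base-uri 'self'",
        'report-uri ' . esc_url_raw(rest_url('example-csp/v1/report')),
    ]);
    $header = EXAMPLE_CSP_REPORT_ONLY ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
    header($header . ': ' . $policy);
});

// REST route that receives the browser's application/csp-report POSTs.
add_action('rest_api_init', function (): void {
    register_rest_route('example-csp/v1', '/report', [
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // browsers send reports without credentials
        'callback'            => __NAMESPACE__ . '\\record_report',
    ]);
});

function record_report(\WP_REST_Request $request): \WP_REST_Response
{
    $body   = json_decode($request->get_body(), true);
    $report = $body['csp-report'] ?? null;
    if (!is_array($report)) {
        return new \WP_REST_Response(null, 400);
    }
    // Keep only what triage needs. A violation with blocked-uri "inline" on a
    // page that renders a Fluent Forms form is the signal the advisory describes.
    $entry = [
        'time'      => gmdate('c'),
        'document'  => $report['document-uri']       ?? '',
        'directive' => $report['violated-directive'] ?? '',
        'blocked'   => $report['blocked-uri']        ?? '',
        'sample'    => substr((string) ($report['script-sample'] ?? ''), 0, 120),
    ];
    error_log(json_encode($entry, JSON_UNESCAPED_SLASHES) . PHP_EOL, 3, EXAMPLE_CSP_LOG_FILE);
    return new \WP_REST_Response(null, 204);
}
```

Review the log for a few days, whitelist or refactor the legitimate inline scripts it surfaces (moving them into enqueued files is the cleanest fix), then switch EXAMPLE_CSP_REPORT_ONLY to false. Once enforced, the same reports double as an alert channel for the monitoring recommendations above: a burst of inline-script violations on form pages is worth correlating with the form audit.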
# Verify installed Fluent Forms version via WP-CLI
wp plugin get fluentform --field=version
# Update Fluent Forms to the latest patched release
wp plugin update fluentform
# Disable open registration as a defensive measure
wp option update users_can_register 0
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.