CVE-2026-0996 Overview
The Fluent Forms plugin for WordPress contains a Stored Cross-Site Scripting (XSS) vulnerability in the AI Form Builder module affecting all versions up to and including 6.1.14. This vulnerability arises from a combination of security failures: missing authorization checks, a leaked nonce, and insufficient input sanitization. Attackers with as little as Subscriber-level access can exploit this flaw to inject malicious JavaScript that executes in the browsers of any user viewing the compromised form.
Critical Impact
Authenticated attackers with Subscriber-level access can inject arbitrary web scripts that execute in the context of any user accessing AI-generated forms, potentially leading to session hijacking, credential theft, or administrative account compromise.
Affected Products
- Fluent Forms plugin for WordPress versions up to and including 6.1.14
- WordPress installations using the AI Form Builder module
- Any site where Subscriber-level users have access to form creation functionality
Discovery Timeline
- February 10, 2026 - CVE-2026-0996 published to NVD
- February 10, 2026 - Last updated in NVD database
Technical Details for CVE-2026-0996
Vulnerability Analysis
This Stored XSS vulnerability exploits a multi-layered security failure within the Fluent Forms plugin's AI Form Builder module. The vulnerability chain begins with missing authorization checks on the AI form generation endpoint, allowing users with minimal privileges (Subscriber-level) to access functionality intended for administrators.
The attack leverages a leaked nonce token that enables Subscriber-level users to trigger AI form generation through a protected endpoint. When the AI service processes malicious prompts, it typically returns bare JavaScript code without <script> tags. This output format bypasses the plugin's sanitization mechanisms, which appear to filter for traditional script tag patterns but fail to account for alternative JavaScript execution contexts.
The stored nature of this XSS means the malicious payload persists in the database and executes whenever any user—including administrators—views the generated form. This significantly amplifies the potential impact, as attackers can target high-privilege users without direct interaction.
Root Cause
The root cause stems from three intersecting security failures in the Fluent Forms codebase:
Missing Authorization Checks: The AI Form Builder endpoint lacks proper capability verification, allowing low-privilege users to access administrative functionality. The vulnerable code path can be traced through the actions.php hooks and the AiFormBuilder.php module.
Leaked Nonce Token: A security nonce intended to validate requests is inadvertently exposed, enabling attackers to forge legitimate-appearing requests. This exposure occurs in the globals.php file.
Insufficient Input Sanitization: The plugin's output sanitization fails to properly handle JavaScript code returned by AI services without traditional script tags, allowing the malicious code to be stored and later executed.
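The three root causes above map directly onto three controls a handler must apply. The following is an added example (not Fluent Forms code and not the vendor's patch) showing those controls on a hypothetical AI form-generation AJAX action: the nonce is only emitted to users who hold the capability and only on the builder screen, the handler checks capability before nonce, and the AI output goes through an allow-list filter before storage. The hook suffix, the 'manage_options' capability, the post type and the example_call_ai_service() helper are assumptions.

```php
<?php
// Added example, not Fluent Forms code: the three controls whose absence
// the advisory describes, applied to a hypothetical AI form-generation
// AJAX action. The hook suffix, the 'manage_options' capability, the
// post type and example_call_ai_service() are assumptions.

// Root cause 2 (leaked nonce): only emit the nonce for users who may use
// the builder, and only on the builder screen, so it never appears in
// page source that a Subscriber can read.
add_action('admin_enqueue_scripts', function (string $hook_suffix) {
    if ($hook_suffix !== 'toplevel_page_example-ai-builder' || !current_user_can('manage_options')) {
        return;
    }
    wp_enqueue_script('example-ai-builder', plugins_url('ai-builder.js', __FILE__), [], '1.0', true);
    wp_localize_script('example-ai-builder', 'exampleAiBuilder', [
        'nonce' => wp_create_nonce('example_ai_builder'),
    ]);
});

// Root cause 1 (missing authorization) and 3 (sanitization): capability
// first, nonce second, then allow-list filter the AI output before it is
// stored. A valid nonce proves intent, not permission, so it must never
// be the only gate.
add_action('wp_ajax_example_ai_generate_form', function () {
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'Insufficient permissions.'], 403);
    }
    check_ajax_referer('example_ai_builder', 'nonce'); // dies with 403 on failure

    $prompt    = sanitize_textarea_field(wp_unslash($_POST['prompt'] ?? ''));
    $generated = example_call_ai_service($prompt); // assumed helper returning HTML
    $safe      = example_sanitize_ai_output($generated);

    if ($safe === '') {
        wp_send_json_error(['message' => 'AI output contained no usable form markup.'], 422);
    }
    $form_id = wp_insert_post([
        'post_type'    => 'example_ai_form',
        'post_content' => $safe,   // only ever rendered as HTML, never inside <script>
        'post_status'  => 'draft',
    ], true);
    if (is_wp_error($form_id)) {
        wp_send_json_error(['message' => $form_id->get_error_message()], 500);
    }
    wp_send_json_success(['form_id' => $form_id]);
});

// Allow-list sanitizer. wp_kses keeps only the listed elements and
// attributes, so on* handlers, <script> elements and javascript: URLs in
// src/href are dropped. Bare JavaScript with no tags survives only as
// inert text; it becomes executable again only if the plugin echoes it
// into a script context, which is why the stored value above is rendered
// exclusively through the HTML path.
function example_sanitize_ai_output(string $html): string {
    $allowed = [
        'form'     => ['class' => true, 'method' => true],
        'div'      => ['class' => true],
        'p'        => [],
        'label'    => ['for' => true],
        'input'    => ['type' => true, 'name' => true, 'id' => true, 'placeholder' => true, 'required' => true],
        'select'   => ['name' => true, 'id' => true],
        'option'   => ['value' => true],
        'textarea' => ['name' => true, 'id' => true, 'rows' => true],
        'button'   => ['type' => true],
    ];
    return trim(wp_kses($html, $allowed));
}
```

The point the advisory makes about "bare JavaScript without script tags" is really a point about output context: an HTML allow-list cannot make code safe if the plugin later writes the stored value into a <script> block or an inline handler. The fix is therefore two-sided, filter on the way in and render only as HTML on the way out.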
Attack Vector
The attack can be executed remotely over the network by any authenticated user with Subscriber-level privileges. The attacker crafts a request to the AI form generation endpoint using the leaked nonce, instructing the AI to generate form content containing malicious JavaScript. Since AI services typically return bare code without HTML tags, the payload bypasses sanitization and gets stored in the WordPress database.
When administrators or other users view the form in the admin panel or front-end, the stored JavaScript executes in their browser context, allowing the attacker to steal session cookies, perform actions as the victim, inject keyloggers, or redirect users to phishing pages. The vulnerability is particularly dangerous because it requires no user interaction beyond viewing a form—a routine administrative action.
Detection Methods for CVE-2026-0996
Indicators of Compromise
- Unexpected forms created by Subscriber-level users in the Fluent Forms admin panel
- Form content containing JavaScript code patterns such as eval(), document.cookie, or event handlers like onerror and onload
- Unusual AJAX requests to the AI Form Builder endpoints from low-privilege user sessions
- Database entries in form-related tables containing encoded or obfuscated JavaScript
Detection Strategies
- Monitor WordPress AJAX requests for calls to AI Form Builder endpoints from non-administrator users
- Implement Web Application Firewall (WAF) rules to detect JavaScript injection patterns in form content
- Audit user activity logs for Subscriber-level accounts accessing form creation functionality
- Deploy SentinelOne Singularity XDR to detect anomalous script execution patterns originating from WordPress installations
Monitoring Recommendations
- Enable detailed logging for all Fluent Forms plugin activities, particularly AI-related endpoints
- Configure alerting for any form creation or modification events by users below Administrator role
- Review stored form content periodically for suspicious JavaScript patterns
- Monitor browser console errors and network requests on pages containing Fluent Forms forms
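To put the indicators above into practice, the following added example (not part of the advisory and not Fluent Forms code) scans stored form definitions for the listed script patterns. It checks three views of each record, the raw string, a re-serialised JSON form (so that \u003c-escaped tags are seen as <) and any base64 blob that decodes to printable text, because the indicators mention encoded payloads. The column names and the sample rows are constructed assumptions; on a live site the rows would come from $wpdb->get_results() against the plugin's form table.

```php
<?php
// Added example, not part of the advisory or the Fluent Forms code base:
// scan stored form definitions for the script patterns listed under
// Indicators of Compromise. Column names and the sample rows below are
// constructed assumptions; on a live site the rows would come from
// $wpdb->get_results() against the plugin's form table.

const EXAMPLE_JS_PATTERNS = [
    'script_tag'    => '/<\s*script\b/i',
    'event_handler' => '/\bon(?:error|load|click|mouseover|focus)\s*=/i',
    'eval'          => '/\beval\s*\(/i',
    'cookie_access' => '/document\.cookie/i',
    'js_url'        => '/javascript\s*:/i',
    'decoder_call'  => '/\b(?:atob|unescape|String\.fromCharCode)\s*\(/i',
];

// Views of the same content that a naive grep would miss: the raw string,
// a re-serialised JSON form (turns \u003c back into <), and any base64
// blob that decodes to printable text.
function example_content_views(string $content): array {
    $views   = ['raw' => $content];
    $decoded = json_decode($content, true);
    if (json_last_error() === JSON_ERROR_NONE && is_array($decoded)) {
        $views['json-decoded'] = json_encode($decoded, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
    }
    preg_match_all('/[A-Za-z0-9+\/]{24,}={0,2}/', $content, $m);
    foreach ($m[0] as $n => $blob) {
        $bytes = base64_decode($blob, true);
        if ($bytes !== false && $bytes !== '' && ctype_print(str_replace(["\n", "\r", "\t"], ' ', $bytes))) {
            $views["base64 #$n"] = $bytes;
        }
    }
    return $views;
}

// One hit per pattern, recorded against the first view in which it appeared.
function example_scan_form_content(string $content): array {
    $hits = [];
    foreach (example_content_views($content) as $view => $text) {
        foreach (EXAMPLE_JS_PATTERNS as $name => $re) {
            if (isset($hits[$name])) {
                continue;
            }
            if (preg_match($re, $text) === 1) {
                $hits[$name] = "$name via $view";
            }
        }
    }
    return array_values($hits);
}

function example_scan_rows(array $rows): array {
    $findings = [];
    foreach ($rows as $row) {
        $hits = example_scan_form_content($row['form_fields']);
        if ($hits !== []) {
            $findings[] = ['id' => $row['id'], 'created_by' => $row['created_by'], 'hits' => $hits];
        }
    }
    return $findings;
}

// Constructed sample rows: one benign form, one with an inline handler,
// one with JSON-escaped tags, one with a base64-encoded snippet.
$sample_rows = [
    ['id' => 1, 'created_by' => 'editor',      'form_fields' => '{"fields":[{"element":"input_text","attributes":{"name":"email","placeholder":"Your email"}}]}'],
    ['id' => 2, 'created_by' => 'subscriber1', 'form_fields' => '{"fields":[{"element":"custom_html","html":"<img src=x onerror=alert(document.cookie)>"}]}'],
    ['id' => 3, 'created_by' => 'subscriber1', 'form_fields' => '{"fields":[{"element":"custom_html","html":"\u003cscript\u003ealert(1)\u003c/script\u003e"}]}'],
    ['id' => 4, 'created_by' => 'subscriber2', 'form_fields' => '{"custom_js":"' . base64_encode('eval(document.cookie)') . '"}'],
];

foreach (example_scan_rows($sample_rows) as $f) {
    printf("form %d (created by %s): %s\n", $f['id'], $f['created_by'], implode(', ', $f['hits']));
}
```

Pairing each finding with the creating account is what turns a pattern match into the first indicator on the list (forms created by Subscriber-level users), so the report above keeps created_by alongside the hits. The pattern list is a starting point, not a complete one; keep the regexes in a single place so they can be extended as new samples are seen.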
How to Mitigate CVE-2026-0996
Immediate Actions Required
- Update Fluent Forms plugin to version 6.1.15 or later immediately
- Audit all existing forms created via the AI Form Builder for malicious content
- Review user accounts with Subscriber role and above for suspicious activity
- Consider temporarily disabling the AI Form Builder module until patching is complete
Patch Information
The vulnerability has been addressed in the FluentForm changeset update. The patch adds proper authorization checks to the AI Form Builder endpoints and implements stricter input sanitization for AI-generated content. Site administrators should update to the patched version through the WordPress plugin repository.
For additional technical details and vulnerability tracking, refer to the Wordfence Vulnerability Report.
Workarounds
- Restrict user registration or limit Subscriber capabilities using a membership plugin until the update is applied
- Disable the AI Form Builder module by commenting out or removing the relevant hooks in app/Hooks/actions.php
- Implement Content Security Policy (CSP) headers to mitigate the impact of XSS attacks
- Use a WordPress security plugin to block requests to vulnerable endpoints based on user role
# Temporary workaround: add to wp-config.php to restrict AI Form Builder access.
# Note: this is a temporary measure and only takes effect if the plugin honours
# this constant; apply the official patch as soon as possible.
define('FLUENTFORM_DISABLE_AI_BUILDER', true);

# Alternative: block the endpoint via .htaccess (Apache).
# Add to the WordPress root .htaccess file. Two limitations to keep in mind:
# - Apache cannot see WordPress roles. The wordpress_logged_in_* cookie carries
#   the login name, not the role, so a cookie match on "administrator" would only
#   exempt an account literally named that. The rule therefore blocks the endpoint
#   for every user until the update is applied.
# - mod_rewrite only sees the path and query string, not a POST body, so the
#   pattern must match something in the request URL; adjust it to the actual
#   endpoint observed in your logs.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} fluentform.*ai.*builder [NC,OR]
RewriteCond %{QUERY_STRING} fluentform.*ai.*builder [NC]
RewriteRule .* - [F,L]
</IfModule>
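Because a web-server rule cannot see WordPress roles, a role-aware block has to run inside WordPress. The following added example (not part of the advisory and not Fluent Forms code) is a must-use plugin that applies the workaround list above without editing the plugin's files: it refuses AI builder requests from users without the capability on both admin-ajax.php and the REST API, logs what it blocked, and adds the Content Security Policy header the list recommends. The route pattern and the 'manage_options' capability are assumptions to be confirmed against the installed plugin's app/Hooks/actions.php.

```php
<?php
/**
 * Plugin Name: Example AI Builder Guard (temporary)
 * Description: Added example, not part of the advisory or of Fluent Forms.
 * Place in wp-content/mu-plugins/ until the 6.1.15 update is applied.
 */

// Assumption: the AI builder's admin-ajax action names and REST routes
// contain both "fluentform" and "ai" (separated by _, - or /). Confirm
// against the installed plugin (app/Hooks/actions.php) before relying on it.
const EXAMPLE_AI_ROUTE_PATTERN = '/fluentform.*(?<![a-z])ai(?![a-z])|(?<![a-z])ai(?![a-z]).*fluentform/i';

// Start the CSP in report-only mode; switch to enforcing once the report
// shows that the theme's own inline scripts are not being blocked.
const EXAMPLE_CSP_ENFORCE = false;

function example_is_ai_builder_route(string $route): bool {
    return $route !== '' && preg_match(EXAMPLE_AI_ROUTE_PATTERN, $route) === 1;
}

// Pure policy function: allowed unless it is an AI builder route and the
// caller lacks the capability. Kept free of WordPress calls so it can be
// unit-tested outside the site.
function example_request_allowed(string $route, bool $can_manage): bool {
    return !example_is_ai_builder_route($route) || $can_manage;
}

// admin-ajax.php runs admin_init before dispatching wp_ajax_* hooks, so a
// check here runs ahead of the plugin's own handler, for logged-in and
// nopriv requests alike.
add_action('admin_init', function () {
    if (!wp_doing_ajax()) {
        return;
    }
    $action = (string) ($_REQUEST['action'] ?? '');
    if (example_request_allowed($action, current_user_can('manage_options'))) {
        return;
    }
    error_log(sprintf('[ai-builder-guard] blocked action "%s" for user %d', $action, get_current_user_id()));
    wp_send_json_error(['message' => 'AI Form Builder is disabled pending update.'], 403);
});

// Same policy for the REST API, in case the endpoint is registered there.
add_filter('rest_pre_dispatch', function ($result, $server, $request) {
    if (!example_request_allowed($request->get_route(), current_user_can('manage_options'))) {
        error_log(sprintf('[ai-builder-guard] blocked route "%s" for user %d', $request->get_route(), get_current_user_id()));
        return new WP_Error('rest_forbidden', 'AI Form Builder is disabled pending update.', ['status' => 403]);
    }
    return $result;
}, 10, 3);

// Content Security Policy for front-end pages, so that an inline payload
// already stored in a form does not execute even if it is rendered.
add_action('send_headers', function () {
    $name = EXAMPLE_CSP_ENFORCE ? 'Content-Security-Policy' : 'Content-Security-Policy-Report-Only';
    header($name . ": default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
});
```

The guard is a stop-gap, not a replacement for the update: it only covers routes that match the assumed pattern, and a CSP with script-src 'self' will also block legitimate inline scripts emitted by core and themes, which is why it starts in report-only mode. Review the blocked-request log lines during the window between deploying the guard and applying 6.1.15; they double as the audit trail the Detection Strategies section asks for.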
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.