The popular Fluent Forms Contact Form Builder plugin for WordPress, with over 300,000 installations, was found to contain a SQL injection vulnerability that could give hackers access to the database.
Fluent Forms Contact Form Builder
Fluent Forms Contact Form Builder is one of the most popular contact forms for WordPress, with over 300,000 installations.
Its drag-and-drop interface makes creating custom contact forms easy so that users don’t have to learn how to code.
The ability to use the plugin to create virtually any kind of input form makes it a top choice.
Users can leverage the plugin to create subscription forms, payment forms, and forms for creating quizzes.
It also integrates with third-party applications like MailChimp, Zapier and Slack.
Importantly, it also has a native analytics capability.
This incredible flexibility makes Fluent Forms a top choice because users can accomplish so much with just one plugin.
Input Neutralization
Every plugin that allows site visitors to input data directly into the database, especially a contact form plugin, must process those inputs so that they do not inadvertently allow hackers to input scripts or SQL commands that let malicious users make unexpected changes.
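
The difference between unneutralized and neutralized input, shown as an added example that is not Fluent Forms code and does not come from this article. Python with an in-memory SQLite database stands in for a plugin's PHP/MySQL stack, and the `submissions` table, the function names and the sample rows are constructed for illustration. In WordPress, the parameterized form is written with `$wpdb->prepare()`.

```python
import sqlite3

def make_db():
    """Build an in-memory table of form submissions (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE submissions "
               "(id INTEGER PRIMARY KEY, form_id INTEGER, email TEXT, message TEXT)")
    db.executemany(
        "INSERT INTO submissions (form_id, email, message) VALUES (?, ?, ?)",
        [(1, "alice@example.com", "Hello"),
         (1, "bob@example.com", "Quote request"),
         (2, "carol@example.com", "Private note")])
    return db

def find_unsafe(db, email):
    # Vulnerable: visitor input is pasted into the SQL text, so a quote
    # character in `email` ends the string literal and the remainder of the
    # input is parsed as SQL instead of being compared as data.
    sql = ("SELECT email FROM submissions "
           "WHERE form_id = 1 AND email = '" + email + "'")
    return [row[0] for row in db.execute(sql)]

# Column names cannot be bound as parameters, so a visitor-chosen sort
# column is checked against an allow-list before it reaches the query.
SORTABLE = {"id", "email"}

def find_safe(db, email, sort="id"):
    if sort not in SORTABLE:
        raise ValueError("unsupported sort column")
    # Neutralized: the value travels separately from the SQL text (the `?`
    # placeholder), so the database only ever treats it as a string to compare.
    sql = ("SELECT email FROM submissions "
           f"WHERE form_id = 1 AND email = ? ORDER BY {sort}")
    return [row[0] for row in db.execute(sql, (email,))]

# Constructed input containing a quote followed by an always-true condition.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The unsafe query returns every row, including the one from form 2.
    print("unsafe:", find_unsafe(db, CRAFTED))
    # The safe query finds no submission with that literal email address.
    print("safe:  ", find_safe(db, CRAFTED))
```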