Skip to main content

Fluent Crm

1 CVEs product

Monthly

CVE-2026-57715 HIGH This Week

Reflected cross-site scripting in the WPManageNinja Fluent CRM WordPress plugin (all versions through 3.1.7) lets a remote unauthenticated attacker inject script that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed (S:C), successful exploitation can affect resources beyond the vulnerable component, typically hijacking an authenticated WordPress admin session within the wp-admin context. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

XSS Fluent Crm
NVD
CVSS 3.1
7.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the WPManageNinja Fluent CRM WordPress plugin (all versions through 3.1.7) lets a remote unauthenticated attacker inject script that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed (S:C), successful exploitation can affect resources beyond the vulnerable component, typically hijacking an authenticated WordPress admin session within the wp-admin context. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

XSS Fluent Crm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy