Does Fluent Forms PDF Generator have any unpatched vulnerabilities?

No. All known vulnerabilities in Fluent Forms PDF Generator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Fluent Forms PDF Generator compatible with WordPress 6.8.5?

According to WordPress.org data, Fluent Forms PDF Generator 1.1.11 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Fluent Forms PDF Generator compatible with PHP 7.4+?

Fluent Forms PDF Generator requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Fluent Forms PDF Generator updated?

Fluent Forms PDF Generator was last updated on Nov 27, 2025. Frequent updates are generally a positive security signal.

What is Fluent Forms PDF Generator's security score?

Fluent Forms PDF Generator has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Fluent Forms PDF Generator Security & Risk Analysis

wordpress.org/plugins/fluentforms-pdf

Generate PDF from Your Form Submissions and Download/Email Them

20K active installs v1.1.11 PHP 7.4+ WP 5.0+ Updated Nov 27, 2025

attachmentfluent-formsform-to-pdfpdf

A · Safe

CVEs total1

Unpatched0

Last CVEJan 22, 2024

Plugin page Download

Safety Verdict

Is Fluent Forms PDF Generator Safe to Use in 2026?

Generally Safe

Score 100/100

Fluent Forms PDF Generator has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 22, 2024Updated 4mo ago

Risk Assessment

The "fluentforms-pdf" v1.1.11 plugin presents a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and properly escaping a high percentage of output, several significant concerns remain. The primary weakness lies in its attack surface, with all six identified AJAX handlers lacking authentication checks, creating a substantial entry point for potential exploitation. The taint analysis, though limited in scope with only two flows analyzed, did reveal two instances of unsanitized paths, which could lead to path traversal vulnerabilities if exploited under certain conditions.

The plugin's vulnerability history indicates a past issue with Cross-Site Scripting (XSS), with a recent medium severity vulnerability patched. While there are no currently unpatched CVEs, the historical presence of XSS and the current lack of authentication on AJAX endpoints are concerning. The presence of a nonce check on only one entry point and the complete absence of capability checks further exacerbate these concerns.

In conclusion, the plugin has strengths in its handling of database interactions and output escaping. However, the unsecured AJAX handlers represent a critical vulnerability that needs immediate attention. The taint analysis, though small, suggests potential risks related to file path handling. Addressing the unauthenticated AJAX endpoints and ensuring proper authorization checks are implemented across all entry points should be the highest priority for improving the plugin's security.

Key Concerns

All AJAX handlers lack authentication checks
Unsanitized paths in taint analysis
Only 1 nonce check for 6 entry points
No capability checks on entry points
Bundled outdated library (TCPDF)
Past medium severity XSS vulnerability

Vulnerabilities

Fluent Forms PDF Generator Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-6953medium · 4.9Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting

Jan 22, 2024 Patched in 1.1.8 (190d)

Code Analysis

Analyzed Mar 16, 2026

Fluent Forms PDF Generator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

83 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TCPDF

Output Escaping

86% escaped96 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

saveGlobalSettings (Classes\Controller\GlobalPdfManager.php:174)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Fluent Forms PDF Generator Attack Surface

Entry Points6

Unprotected6

AJAX Handlers 6

authwp_ajax_fluentform_get_form_pdf_template_settingsClasses\Controller\GlobalPdfManager.php:35

authwp_ajax_fluentform_pdf_admin_ajax_actionsClasses\Controller\GlobalPdfManager.php:40

authwp_ajax_fluentform_pdf_downloadClasses\Controller\GlobalPdfManager.php:87

authwp_ajax_fluentform_pdf_download_publicClasses\Controller\GlobalPdfManager.php:88

noprivwp_ajax_fluentform_pdf_download_publicClasses\Controller\GlobalPdfManager.php:89

authwp_ajax_fluentform_report_download_pdfClasses\Controller\GlobalPdfManager.php:92

WordPress Hooks 14

actionfluentform_pdf_cleanup_tmp_dirClasses\Controller\GlobalPdfManager.php:28

filterfluentform/global_settings_componentsClasses\Controller\GlobalPdfManager.php:31

filterfluentform/form_settings_menuClasses\Controller\GlobalPdfManager.php:32

filterfluentform/submissions_widgetsClasses\Controller\GlobalPdfManager.php:44

filterfluentform/email_attachmentsClasses\Controller\GlobalPdfManager.php:46

actionfluentform/addons_page_render_fluentform_pdf_settingsClasses\Controller\GlobalPdfManager.php:48

actionadmin_noticesClasses\Controller\GlobalPdfManager.php:50

filterfluentform/pdf_body_parseClasses\Controller\GlobalPdfManager.php:56

filterfluentform/will_return_htmlClasses\Controller\GlobalPdfManager.php:65

filterfluentform/all_editor_shortcodesClasses\Controller\GlobalPdfManager.php:72

filterfluentform/shortcode_parser_callback_pdf.download_linkClasses\Controller\GlobalPdfManager.php:73

filterfluentform/shortcode_parser_callback_pdf.download_link.publicClasses\Controller\GlobalPdfManager.php:80

actionadmin_noticesfluentforms-pdf.php:80

actionplugins_loadedfluentforms-pdf.php:127

Scheduled Events 1

fluentform_pdf_cleanup_tmp_dir

Maintenance & Trust

Fluent Forms PDF Generator Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 27, 2025

PHP min version7.4

Downloads184K

Community Trust

Rating100/100

Number of ratings5

Active installs20K

Alternatives

Fluent Forms PDF Generator Alternatives

Attachments

attachments

100

Attachments allows you to simply append any number of items from your WordPress Media Library to Posts, Pages, and Custom Post Types

9K No CVEs

Document Gallery

document-gallery

100

This plugin generates thumbnails for documents and displays them in a gallery-like format for easy sharing.

9K No CVEs

Send PDF for Contact Form 7

send-pdf-for-contact-form-7

Create, customize and send PDF attachments with Contact Form 7 form

9K 3 CVEs

PDF Generator for WordPress Elementor

pdf-generator-addon-for-elementor-page-builder

The ultimate WordPress PDF generator for Elementor. Easily export to PDF, add a download button, and convert WooCommerce products to PDF.

1K 3 CVEs

PDF Thumbnails Support Test

pdf-thumbnails-support-test

Determine if your server is missing software for WordPress 4.7's native PDF thumbnail generator.

400 No CVEs

Developer Profile

Fluent Forms PDF Generator Developer Profile

WPManageNinja

5 plugins · 29K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

336 days

View full developer profile

Detection Fingerprints

How We Detect Fluent Forms PDF Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fluentforms-pdf/assets/css/global-settings.css/wp-content/plugins/fluentforms-pdf/assets/css/template-preview.css/wp-content/plugins/fluentforms-pdf/assets/js/admin.js/wp-content/plugins/fluentforms-pdf/assets/js/admin-settings.js/wp-content/plugins/fluentforms-pdf/assets/js/template-preview.js/wp-content/plugins/fluentforms-pdf/assets/js/app.js

Script Paths

/wp-content/plugins/fluentforms-pdf/assets/js/admin.js/wp-content/plugins/fluentforms-pdf/assets/js/admin-settings.js/wp-content/plugins/fluentforms-pdf/assets/js/template-preview.js/wp-content/plugins/fluentforms-pdf/assets/js/app.js

Version Parameters

fluentforms-pdf/assets/css/global-settings.css?ver=fluentforms-pdf/assets/css/template-preview.css?ver=fluentforms-pdf/assets/js/admin.js?ver=fluentforms-pdf/assets/js/admin-settings.js?ver=fluentforms-pdf/assets/js/template-preview.js?ver=fluentforms-pdf/assets/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes

fluentform_pdf_global_settingsff_pdf_preview_wrapff_pdf_template_preview

HTML Comments

Changed from : fluentform_single_entry_widgets

JS Globals

fluentFormsPdf

Shortcode Output

[pdf.download_link][pdf.download_link.public]

FAQ