How severe is CVE-2026-6344?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Path Traversal in Techjewel Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

CVE-2026-6344

The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments() method of EmailNotificationActions, which resolves attack…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.004 (62.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Techjewel Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder — versions 0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

Frequently asked questions

What is CVE-2026-6344?: CVE-2026-6344 is a medium-severity vulnerability in Techjewel Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder, classified under Path Traversal. CVSS score: 4.9/10. Published 2026-05-06.
How severe is CVE-2026-6344?: Medium severity. CVSS v3 base score is 4.9 out of 10.