Packagist (Composer) package
solspace/craft-freeform
pkg:composer/solspace/craft-freeform
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-26188 | — | >= 5.0.0, < 5.14.7 | 5.14.7 | Feb 12, 2026 | Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integ | ||
| CVE-2025-52122 | — | >= 5.0.0, < 5.10.16 | 5.10.16 | Aug 27, 2025 | Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title). |
- CVE-2026-26188Feb 12, 2026affected >= 5.0.0, < 5.14.7fixed 5.14.7
Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integ
- CVE-2025-52122Aug 27, 2025affected >= 5.0.0, < 5.10.16fixed 5.10.16
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).