VYPR

Packagist (Composer) package

solspace/craft-freeform

pkg:composer/solspace/craft-freeform

Vulnerabilities (2)

  • CVE-2026-26188Feb 12, 2026
    affected >= 5.0.0, < 5.14.7fixed 5.14.7

    Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integ

  • CVE-2025-52122Aug 27, 2025
    affected >= 5.0.0, < 5.10.16fixed 5.10.16

    Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).