Security: verbb/formie
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Missing authorization in Formie administrative settings allows low-privileged CP users to modify plugin configurationGHSA-cvpc-hccg-wmw4 published
Jun 5, 2026 by engram-designModerate -
Server-Side Template Injection in Formie Hidden field defaultsGHSA-565m-g33j-jq96 published
May 30, 2026 by engram-designCritical -
Unauthenticated front-end submission editing can overwrite existing submissionsGHSA-pgxq-p76c-x9cg published
May 19, 2026 by engram-designHigh -
Pre-authenticated server-side template injection in Hidden fieldsGHSA-x7m9-mwc2-g6w2 published
May 12, 2026 by engram-designCritical -
XSS vulnerability for email notification content for previewGHSA-2xm2-23ff-p8ww published
Apr 11, 2025 by engram-designModerate -
XSS vulnerability for importing formsGHSA-p9hh-mh5x-wvx3 published
Apr 11, 2025 by engram-designModerate -
Server-Side Template Injection for variable-enabled settingsGHSA-v45m-hxqp-fwf5 published
May 18, 2024 by engram-designModerate