Solspace Freeform vulnerabilities
2 known vulnerabilities affecting solspace/freeform.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-52122P2CRITICALCVSS 9.8≥ 5.0.0, < 5.10.162025-08-27
CVE-2025-52122 [CRITICAL] CWE-94 CVE-2025-52122: Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).
nvd
CVE-2026-26188P4MEDIUMCVSS 5.4≥ 5.0.0, < 5.14.72026-02-12
CVE-2026-26188 [MEDIUM] CWE-79 CVE-2026-26188: Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated,
Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without saniti
nvd