solspace/craft-freeform

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting solspace/craft-freeformpage 1 of 1

CVE-2025-52122CRITICALCVSS 9.8EG 9.8✓ Fixed in 5.10.16
2025-08-27
vulnerable: 5.0.0 ... 5.9.9 (128 versions)
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).
CVE-2026-26188MEDIUMCVSS 5.4EG 5.4✓ Fixed in 5.14.7
2026-02-12
vulnerable: 5.0.0 ... 5.9.9 (170 versions)
Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations vie…

Check whether solspace/craft-freeform is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for solspace/craft-freeform CVEs against the assets you own.

Start Free Scan →