Package impact
Packagist / verbb/formie
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45697 | critical | 9.8 | 9.8 | 16d ago | Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (with Default value → Custom) that were evaluated as … | |||
| CVE-2026-47266 | unknown | — | — | 5d ago | formie's unauthenticated front-end submission editing can overwrite existing submissions | |||
| CVE-2025-32426 | unknown | — | — | 1y ago | Formie has XSS vulnerability for email notification content for preview | |||
| CVE-2025-32427 | unknown | — | — | 1y ago | Formie has XSS vulnerability for importing forms | |||
| CVE-2024-35191 | unknown | — | — | 2y ago | verbb/formie Server-Side Template Injection for variable-enabled settings |