Skip to main content

Formie

4 CVEs product

Monthly

CVE-2026-47266 PHP HIGH PATCH GHSA This Week

Unauthorized submission modification in Formie (Craft CMS plugin) versions prior to 2.2.21 and 3.1.26 allows remote unauthenticated attackers to overwrite existing form submissions by POSTing a known or guessed submission ID to the formie/submissions/save-submission endpoint. The flaw is an authorization bypass (CWE-639) that compromises integrity of stored submission data without requiring credentials. No public exploit identified at time of analysis, though the upstream fix and advisory are publicly disclosed on GitHub.

Authentication Bypass Formie
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-32427 PHP MEDIUM PATCH This Month

Formie is a Craft CMS plugin for creating forms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Formie
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-32426 PHP MEDIUM PATCH This Month

Formie is a Craft CMS plugin for creating forms. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formie
NVD GitHub
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-35191 PHP MEDIUM PATCH This Month

Formie is a Craft CMS plugin for creating forms. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Ssti Information Disclosure Formie
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthorized submission modification in Formie (Craft CMS plugin) versions prior to 2.2.21 and 3.1.26 allows remote unauthenticated attackers to overwrite existing form submissions by POSTing a known or guessed submission ID to the formie/submissions/save-submission endpoint. The flaw is an authorization bypass (CWE-639) that compromises integrity of stored submission data without requiring credentials. No public exploit identified at time of analysis, though the upstream fix and advisory are publicly disclosed on GitHub.

Authentication Bypass Formie
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Formie is a Craft CMS plugin for creating forms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Formie
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Formie is a Craft CMS plugin for creating forms. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formie
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Formie is a Craft CMS plugin for creating forms. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Ssti Information Disclosure Formie
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy