CVE-2026-5149

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization up to version 2.0.7 due to get_submission_content lacking a capability check, enabling authenticated attackers with Contributor-level access to view arbitrary form submissions by iterating the entries_id parameter. Affected:...

CVE-2026-28803

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...

CVE-2026-28803

CVE-2026-28803 affects Open Forms with cosign flow prior to versions 3.3.13 and 3.4.5. The vulnerability allows a logged-in user to implicitly retrieve arbitrary submissions by guessing/modifying the cosign code received by email, enabling access to submission references during cosign flow. The i...

EUVD-2026-11198

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...

Open Forms 访问控制错误漏洞

Open Forms is an open-source intelligent dynamic form tool. It is used to quickly create powerful and intelligent forms that can be exposed via APIs. Versions of Open Forms prior to 3.3.13 and 3.4.5 contained a access control vulnerability. This vulnerability allowed attackers to guess or modify...