CVE-2026-4257

The Contact Form by Supsystic plugin for WordPress is vulnerable to Server-Side Template Injection SSTI leading to Remote Code Execution RCE in all versions up to, and including, 1.7.36. This is due to the plugin using the Twig TwigLoaderString template engine without sandboxing, combined with th...

CVE-2025-64515

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

CVE-2025-64515

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

EUVD-2025-198098

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

PT-2025-47415

Name of the Vulnerable Software and Affected Versions Open Forms versions prior to 3.2.7 Open Forms versions prior to 3.3.3 Description Open Forms enables users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms with prefill data fields dynamically set to readonly or...