Lucene search
K

4 matches found

OSV
OSV
added 2026/05/29 10:19 p.m.8 views

GHSA-PGXQ-P76C-X9CG formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches 2.2.21, 3.1.26 Workarounds Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 10:19 p.m.24 views

formie's unauthenticated front-end submission editing can overwrite existing submissions

Impact Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Patches 2.2.21, 3.1.26 Workarounds Block unauthenticated access to actions/formie/submissions/save-submission, or disable/customize front-end submissio...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/29 8:16 p.m.15 views

CVE-2026-47266

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...

8.7CVSS0.00311EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:3 p.m.8 views

CVE-2026-47266

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder