getformwork/formwork Security Advisories for 2.0.0-beta.1 (4)
-
[HIGH] Formwork Improperly Managed Privileges in User creation
PKSA-s7gr-pq9f-f16r CVE-2026-27198 GHSA-34p4-7w83-35g2
Affected version: >=2.0.0,<=2.3.3
Reported by:
GitHub -
[MEDIUM] Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
PKSA-rmpr-1pwg-drvq CVE-2025-65956 GHSA-7j46-f57w-76pj
Affected version: <2.2.0
Reported by:
GitHub -
[HIGH] Formwork improperly validates input of User role preventing site and panel availability
PKSA-f12j-yzp4-332f GHSA-c85w-x26q-ch87
Affected version: >=2.0.0-beta.1,<2.0.0-beta.4
Reported by:
GitHub -
[MEDIUM] Cross-site scripting (XSS) vulnerability in Description metadata
PKSA-mh52-mt19-xnym CVE-2024-37160 GHSA-5pxr-7m4j-jjc6
Affected version: =2.0.0-beta.1|<1.13.1
Reported by:
GitHub