getformwork/formwork Security Advisories for 2.0.0-beta.3 (4)
-
[HIGH] Formwork Improperly Managed Privileges in User creation
PKSA-s7gr-pq9f-f16r CVE-2026-27198 GHSA-34p4-7w83-35g2
Affected version: >=2.0.0,<=2.3.3
Reported by:
GitHub -
[MEDIUM] Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
PKSA-rmpr-1pwg-drvq CVE-2025-65956 GHSA-7j46-f57w-76pj
Affected version: <2.2.0
Reported by:
GitHub -
[HIGH] Formwork improperly validates input of User role preventing site and panel availability
PKSA-f12j-yzp4-332f GHSA-c85w-x26q-ch87
Affected version: >=2.0.0-beta.1,<2.0.0-beta.4
Reported by:
GitHub -
[MEDIUM] Formwork has a cross-site scripting (XSS) vulnerability in Site title
PKSA-188k-fkf5-brww GHSA-vf6x-59hh-332f
Affected version: =2.0.0-beta.3
Reported by:
GitHub