Vulnerabilities4 min read
Critical Formie Plugin Flaw Lets Attackers Hijack Craft CMS Sites
CVE-2026-45697 (CVSS 9.8) in the Formie Craft CMS plugin allows unauthenticated attackers to execute arbitrary code via Twig template injection in Hidden fields. Patch to 2.2.20 or 3.1.24 immediately.
Marcus ChenMay 30, 2026