CVE-2026-54721 - Remote code execution via userforms email subject

PKSA-g6zg-78xs-c8r8 CVE-2026-54721

Affected version: <6.4.9|>=7.0.0,<7.0.7|>=7.1.0,<7.1.1

Reported by:
FriendsOfPHP/security-advisories

[MEDIUM] SS-2015-018: File upload exposure on UserForms module

PKSA-n971-jkw6-mzjw GHSA-55pp-293f-3365

Affected version: <3.0.0

Reported by:
GitHub, FriendsOfPHP/security-advisories