[LOW] Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue

PKSA-xc3n-vk9q-z5t5 GHSA-jp3q-wwp3-pwv9

Affected version: >=5.0.0,<=5.14.6

Reported by:
GitHub

[CRITICAL] The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability

PKSA-tpdv-c7w9-v16r CVE-2025-52122 GHSA-9hp3-f5g8-rccg

Affected version: >=5.0.0,<5.10.16

Reported by:
GitHub