Barrelstrengthdesign: Security Vulnerabilities
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.
CVSS Score
7.4
EPSS Score
0.006
Published
2020-05-07