Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
SPIP Saisies Plugin Allows Attackers to Run Code on Your Server
Exploitation likelihood: 74%
CVE-2025-71243
Summary
If you're using the Saisies plugin with SPIP versions 5.4.0 to 5.11.0, an attacker can potentially run malicious code on your server. This is a serious security threat. To protect yourself, update SPIP to version 5.11.1 or later as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| spip | saisies | > 5.4.0 , <= 5.11.1 | – |
Original title
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to ex...
Original description
The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5.11.0 contains a critical Remote Code Execution (RCE) vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the server. Users should immediately update to version 5.11.1 or later.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-94
Code Injection
Published: 19 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026