Lucene search
Japan Vulnerability NotesJVN:51098626HistoryMar 27, 2024 - 12:00 a.m.
JVN#51098626: Multiple vulnerabilities in WordPress Plugin "Survey Maker"
2024-03-2700:00:00
Japan Vulnerability Notes
jvn.jp
11
wordpress
survey maker
cross-site scripting
data authenticity
cve-2023-34423
cve-2023-35764
update plugin
WordPress Plugin “Survey Maker” provided by AYS Pro Plugins contains multiple vulnerabilities listed below.
Stored cross-site scripting (CWE-79) - CVE-2023-34423
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
| CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
Insufficient verification of data authenticity (CWE-345) - CVE-2023-35764
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | Base Score: 5.3 |
| CVSS v2 | AV:N/AC:L/Au:N/C:N/I:P/A:N | Base Score: 5.0 |
Impact
- An arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege - CVE-2023-34423
- A remote attacker may spoof an IP address when posting - CVE-2023-35764
Solution
Update the plugin
Update the plugin according to the information provided by the developer.
Products Affected
CVE-2023-34423
-
Survey Maker versions prior to 3.6.4
CVE-2023-35764 -
Survey Maker versions prior to 4.1.0
Related
cvelist
cvelist
CVE-2023-35764
2024-04-03 07:10:07
CVE-2023-34423
2024-04-03 07:09:42
cve
cve
CVE-2023-35764
2024-04-03 08:15:49
CVE-2023-34423
2024-04-03 08:15:48
wpvulndb
wpvulndb
Survey Maker – Best WordPress Survey Plugin < 3.6.4 - Unauthenticated Stored Cross-Site Scripting
2024-05-07 00:00:00
Survey Maker < 4.1.0 - IP Address Spoofing
2024-05-08 00:00:00
wordfence
wordfence