Lucene search
K

5 matches found

Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion vulnerability

Cross-Site Request Forgery to Survey Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions = 1.12.20...

4.3CVSS5.9AI score0.00129EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/02 6:40 a.m.5 views

CVE-2025-13140 SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSDeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS5AI score0.00129EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.11 views

PT-2025-48648

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS DeleteSurvey AJAX action. This makes it possible for unauthenticated attackers t...

4.3CVSS5.4AI score0.00129EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2021/01/08 12:0 a.m.11 views

Modal Survey < 2.0.1.8.2 - Unauthenticated Arbitrary Survey Update, Deletion and Creation

The plugin AJAX calls including unauthenticated ones did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys. PoC curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajaxsurvey=deleteid=110251535" curl --url...

1.8AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2021/01/08 12:0 a.m.212 views

Modal Survey < 2.0.1.8.2 - Unauthenticated Arbitrary Survey Update, Deletion and Creation

The plugin AJAX calls including unauthenticated ones did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys. curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajaxsurvey&sspcmd=delete&surveyid=110251535" curl --ur...

3.1AI score
Exploits0References1
Rows per page
Query Builder