5 matches found
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion vulnerability
Cross-Site Request Forgery to Survey Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions = 1.12.20...
CVE-2025-13140 SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSDeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to...
PT-2025-48648
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS DeleteSurvey AJAX action. This makes it possible for unauthenticated attackers t...
Modal Survey < 2.0.1.8.2 - Unauthenticated Arbitrary Survey Update, Deletion and Creation
The plugin AJAX calls including unauthenticated ones did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys. PoC curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajaxsurvey=deleteid=110251535" curl --url...
Modal Survey < 2.0.1.8.2 - Unauthenticated Arbitrary Survey Update, Deletion and Creation
The plugin AJAX calls including unauthenticated ones did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys. curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajaxsurvey&sspcmd=delete&surveyid=110251535" curl --ur...