100 matches found
CVE-2026-2440
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
WordPress SurveyJS: Drag & Drop Form Builder plugin <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Daniel Basta whizzu - NASK PIB in WordPress Plugin SurveyJS versions = 2.5.3...
EUVD-2026-14014
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
CVE-2026-2440
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
CVE-2026-2440
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
CVE-2026-2440 SurveyJS: Drag & Drop Form Builder <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
CVE-2026-2440
The CVE-2026-2440 issue concerns the SurveyJS WordPress plugin. Affected software: SurveyJS plugin for WordPress (up to version 2.5.3). Vulnerability: Stored Cross-Site Scripting via survey result submissions caused by insufficient input sanitization and output escaping. The public survey page ex...
CVE-2026-2440 SurveyJS: Drag & Drop Form Builder <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
WordPress plugin SurveyJS 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-26837
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
PT-2026-6655
Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.0.0 SurveyJS PDF Generator versions 1.12.58 and lower SurveyJS PDF Generator versions 2.5.4 and lower Description A local file inclusion or path traversal issue was identified in jsPDF. Because SurveyJS PDF Generator...
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Creation vulnerability
Cross-Site Request Forgery to Survey Creation vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions = 1.12.20...
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Renaming vulnerability
Cross-Site Request Forgery to Survey Renaming vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions = 1.12.20...
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Cloning vulnerability
Cross-Site Request Forgery to Survey Cloning vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions = 1.12.20...
CVE-2025-13194
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJSRenameSurvey' AJAX...
CVE-2025-13205
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the SurveyJSCloneSurve...
CVE-2025-13139
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...
CVE-2025-13194
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJSRenameSurvey' AJAX...
CVE-2025-13205
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the SurveyJSCloneSurve...
CVE-2025-13139
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...