Lucene search
K

100 matches found

CVE
CVE
added 2026/01/24 9:8 a.m.12 views

CVE-2025-13205

CVE-2025-13205 affects the SurveyJS: Drag & Drop Form Builder for WordPress, versions up to and including 1.12.20. The root cause is missing or incorrect nonce validation on the SurveyJS_CloneSurvey AJAX action, enabling CSRF. Impact: unauthenticated attackers could duplicate surveys by tricking ...

4.3CVSS5.8AI score0.00127EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.4 views

CVE-2025-13205

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the...

4.3CVSS5.8AI score0.00127EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 9:8 a.m.3 views

CVE-2025-13194 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJSRenameSurvey' AJAX...

4.3CVSS5.7AI score0.0013EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 9:8 a.m.18 views

CVE-2025-13194

CVE-2025-13194 – SurveyJS WordPress CSRF in Survey Renaming Affected software: SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress (versions

4.3CVSS5.8AI score0.0013EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 9:8 a.m.32 views

CVE-2025-13194 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJSRenameSurvey' AJAX...

4.3CVSS0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.5 views

CVE-2025-13194

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce verification on the 'SurveyJSRenameSurvey' AJAX...

4.3CVSS5.8AI score0.0013EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 9:8 a.m.27 views

CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...

4.3CVSS0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 9:8 a.m.14 views

CVE-2025-13139

CVE-2025-13139 affects SurveyJS: Drag & Drop WordPress Form Builder (WordPress plugin). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the SurveyJS_AddSurvey AJAX action, allowing unauthenticated attackers to create surveys if a site admin is tricked i...

4.3CVSS5.8AI score0.00126EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 9:8 a.m.4 views

CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...

4.3CVSS5.7AI score0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.3 views

CVE-2025-13139

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS5.8AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.3 views

PT-2026-4601

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the SurveyJS...

4.3CVSS5.4AI score0.00127EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.13 views

PT-2026-4600

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce verification on the 'SurveyJS RenameSurvey' AJA...

4.3CVSS5.3AI score0.0013EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.9 views

WordPress plugin SurveyJS: Drag & Drop WordPress Form Builder – Cross-site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.0013EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.6 views

WordPress plugin SurveyJS: Drag & Drop WordPress Form Builder – Cross-site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00127EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.7 views

WordPress plugin SurveyJS: Drag & Drop WordPress Form Builder – Cross-site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

4.3CVSS5.7AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.9 views

PT-2026-4599

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS AddSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS5.5AI score0.00126EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion vulnerability

Cross-Site Request Forgery to Survey Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions = 1.12.20...

4.3CVSS5.9AI score0.00129EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/03 7:4 a.m.5 views

CVE-2025-13140

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSDeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS5.4AI score0.00129EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 7:15 a.m.6 views

CVE-2025-13140

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSDeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS0.00129EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/02 6:40 a.m.4 views

CVE-2025-13140 SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSDeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS5AI score0.00129EPSS
Exploits0References3
Rows per page
Query Builder