CVE-2025-13139
CVE-2025-13139 affects SurveyJS: Drag & Drop WordPress Form Builder (WordPress plugin). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the SurveyJS_AddSurvey AJAX action, allowing unauthenticated attackers to create surveys if a site admin is tricked i...