CVE-2025-13194

CVE-2025-13194 – SurveyJS WordPress CSRF in Survey Renaming Affected software: SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress (versions

CVE-2025-13194 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJSRenameSurvey' AJAX...

PT-2026-4600

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce verification on the 'SurveyJS RenameSurvey' AJA...

WordPress plugin SurveyJS: Drag & Drop WordPress Form Builder – Cross-site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...