Lucene search
K

8 matches found

Patchstack
Patchstack
added 2026/02/02 1:23 a.m.11 views

WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Creation vulnerability

Cross-Site Request Forgery to Survey Creation vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions = 1.12.20...

4.3CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/24 9:8 a.m.27 views

CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...

4.3CVSS0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.3 views

CVE-2025-13139

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS5.8AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.10 views

PT-2026-4599

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS AddSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS5.5AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.8 views

PT-2026-1656

Name of the Vulnerable Software and Affected Versions Data Illusion Zumbrunn NGSurvey Enterprise Edition version 3.6.4 Description The software contains a stored cross-site scripting issue. This affects the survey content and administration functionality, allowing authenticated remote users with...

5.4CVSS6AI score0.00168EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2003-1452

Malware in sbrugna...

5CVSS6.4AI score0.0144EPSS
Exploits0References6
Huntr
Huntr
added 2023/05/30 3:24 a.m.9 views

Stored XSS in End page

Description Allows a user who only has the authority to create surveys not the administrator to bypass validation and embed javascript schemes when creating surveys Step to reproduce - Login as administrator 1. Open User management and Create a user with create surveys only permissions. 1. Logout...

6.9AI score
Exploits0
wpexploit
wpexploit
added 2021/01/08 12:0 a.m.207 views

Modal Survey < 2.0.1.8.2 - Unauthenticated Arbitrary Survey Update, Deletion and Creation

The plugin AJAX calls including unauthenticated ones did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys. curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajaxsurvey&sspcmd=delete&surveyid=110251535" curl --ur...

3.1AI score
Exploits0References1
Rows per page
Query Builder