8 matches found
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Creation vulnerability
Cross-Site Request Forgery to Survey Creation vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions = 1.12.20...
CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...
CVE-2025-13139
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to...
PT-2026-4599
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS AddSurvey AJAX action. This makes it possible for unauthenticated attackers to...
PT-2026-1656
Name of the Vulnerable Software and Affected Versions Data Illusion Zumbrunn NGSurvey Enterprise Edition version 3.6.4 Description The software contains a stored cross-site scripting issue. This affects the survey content and administration functionality, allowing authenticated remote users with...
EUVD-2003-1452
Malware in sbrugna...
Stored XSS in End page
Description Allows a user who only has the authority to create surveys not the administrator to bypass validation and embed javascript schemes when creating surveys Step to reproduce - Login as administrator 1. Open User management and Create a user with create surveys only permissions. 1. Logout...
Modal Survey < 2.0.1.8.2 - Unauthenticated Arbitrary Survey Update, Deletion and Creation
The plugin AJAX calls including unauthenticated ones did not have capabilities and CSRF checks, allowing unauthenticated users to update, delete or create arbitrary surveys. curl --url https://exmple.com/wp-admin/admin-ajax.php --data "action=ajaxsurvey&sspcmd=delete&surveyid=110251535" curl --ur...