8 matches found
CVE-2026-2440
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
EUVD-2025-150404
The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ayssurveyshowresults' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions...
CVE-2025-12891
The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ayssurveyshowresults' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions...
CVE-2025-12891 Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Information Exposure
The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ayssurveyshowresults' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions...
CVE-2025-12891
The CVE-2025-12891 entry concerns the WordPress Survey Maker plugin, where a missing capability check on the ays_survey_show_results AJAX endpoint allows unauthorized access to survey submissions. Affected versions are up to and including 5.1.9.4. The vulnerability enables unauthenticated attacke...
PT-2025-46783
Name of the Vulnerable Software and Affected Versions Survey Maker plugin for WordPress versions up to and including 5.1.9.4 Description The software is susceptible to unauthorized data access. This is due to a missing capability check on the ays survey show results API endpoint. This allows...
EUVD-2022-49288
Malicious code in bioql PyPI...
Data Illusion Survey Software Solutions NGSurvey Information Disclosure Vulnerability
ngSurvey is a Data Illusion Survey Software Solutions by ngSurvey, Inc. An information disclosure vulnerability exists in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and prior versions, which stems from a vulnerability that allows an attacker to view access passwords and arbitrarily...