Lucene search
+L

8 matches found

nvd
nvd
added 2026/03/21 4:17 a.m.7 views

CVE-2026-2440

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...

7.2CVSS0.00282EPSS
Exploits0References3
euvd
euvd
added 2025/11/13 6:30 a.m.6 views

EUVD-2025-150404

The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ayssurveyshowresults' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions...

5.3CVSS4.8AI score0.00233EPSS
Exploits0References3
nvd
nvd
added 2025/11/13 5:16 a.m.6 views

CVE-2025-12891

The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ayssurveyshowresults' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions...

5.3CVSS0.00233EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/13 4:28 a.m.11 views

CVE-2025-12891 Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Information Exposure

The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ayssurveyshowresults' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions...

5.3CVSS0.00233EPSS
Exploits0References2
cve
cve
added 2025/11/13 4:28 a.m.22 views

CVE-2025-12891

The CVE-2025-12891 entry concerns the WordPress Survey Maker plugin, where a missing capability check on the ays_survey_show_results AJAX endpoint allows unauthorized access to survey submissions. Affected versions are up to and including 5.1.9.4. The vulnerability enables unauthenticated attacke...

5.3CVSS4.9AI score0.00233EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/11/13 12:0 a.m.7 views

PT-2025-46783

Name of the Vulnerable Software and Affected Versions Survey Maker plugin for WordPress versions up to and including 5.1.9.4 Description The software is susceptible to unauthorized data access. This is due to a missing capability check on the ays survey show results API endpoint. This allows...

5.3CVSS6AI score0.00233EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-49288

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00711EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/08/02 12:0 a.m.3 views

Data Illusion Survey Software Solutions NGSurvey Information Disclosure Vulnerability

ngSurvey is a Data Illusion Survey Software Solutions by ngSurvey, Inc. An information disclosure vulnerability exists in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and prior versions, which stems from a vulnerability that allows an attacker to view access passwords and arbitrarily...

7.5CVSS6.2AI score0.00711EPSS
Exploits0References2
Rows per page
Query Builder