3938 matches found
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the shor...
CVE-2026-2412
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...
CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...
CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...
WordPress Survey plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin Survey versions = 1.1...
EUVD-2026-13986
The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...
CVE-2026-2440
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
CVE-2026-1247
The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...
CVE-2026-1247
The CVE-2026-1247 entry concerns the WordPress Survey plugin (Survey) vulnerable to Stored Cross-Site Scripting via admin settings up to version 1.1. Root cause: insufficient input sanitization and output escaping. Affected condition: authenticated attackers with administrator-level permissions (...
CVE-2026-1247 Survey <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...
CVE-2026-1247 Survey <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...
CVE-2026-1247
The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...
CVE-2026-2440
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
PT-2026-26801
The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above,...
PT-2026-26837
The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing...
WordPress plugin Survey 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Malicious code in @cbreone/survey-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa512020ca8dd602c54abcdc6b69379bc5656423a35dabd5200db0e3b8af7fd6 The package @cbreone/survey-ui was found to contain malicious code...
MAL-2026-1592 Malicious code in @cbreone/survey-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa512020ca8dd602c54abcdc6b69379bc5656423a35dabd5200db0e3b8af7fd6 The package @cbreone/survey-ui was found to contain malicious code...
Malicious code in @cbreone/micro-ui-survey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d740150668055ded0e2a179405c28d897f9ad333829b48a26892be6e8d6e3f27 The package @cbreone/micro-ui-survey was found to contain malicious code...
MAL-2026-1591 Malicious code in @cbreone/micro-ui-survey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d740150668055ded0e2a179405c28d897f9ad333829b48a26892be6e8d6e3f27 The package @cbreone/micro-ui-survey was found to contain malicious code...