PT-2025-48660

Name of the Vulnerable Software and Affected Versions ObjectPlanet Opinio versions 7.26 rev12562 Description A stored Cross-Site Scripting XSS issue exists in the survey-import feature of the web application. This allows an attacker to inject arbitrary JavaScript code that will execute within the...

PT-2025-48648

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS DeleteSurvey AJAX action. This makes it possible for unauthenticated attackers t...

ObjectPlanet Opinio 安全漏洞

ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio version 7.26 rev12562, which stems from the presence of stored cross-site scripting in the survey import function, which could allow an attacker to inject arbitrary...

CVE-2025-13143

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnectaccountaction function. This makes it possible for...

WordPress plugin Poll Survey Quiz Maker Plugin by Opinion Stage 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress...

Black Friday scammers offer fake gifts from big-name brands to empty bank accounts

Black Friday is supposed to be chaotic, sure, but not this chaotic. While monitoring malvertising patterns ahead of the holiday rush, I uncovered one of the most widespread and polished Black Friday scam campaigns circulating online right now. It’s not a niche problem. Our own research shows that...

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

CVE-2025-41074

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which ca...

WordPress Survey Maker plugin missing license vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. A lack of authorization vulnerability exists in WordPress Survey Maker plugin, which can be exploited by ...

WordPress Survey Maker plugin unauthorized access vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. An unauthorized access vulnerability exists in the WordPress Survey Maker plugin, which stems from a lack...

WordPress Survey Maker plugin missing capability check vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. WordPress Survey Maker plugin suffers from a missing capability check vulnerability, which stems from a...

CVE-2025-64276

Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through = 5.1.9.4...

WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Survey Maker versions = 5.1.9.4...

CVE-2025-12891

The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ayssurveyshowresults' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions...

CVE-2025-12892

The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatepluginoption function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to update the...

CVE-2025-13060

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /viewsurvey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and m...

EUVD-2025-163774

Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through = 5.1.9.4...

CVE-2025-64276

Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through = 5.1.9.4...

CVE-2025-64276

CVE-2025-64276 corresponds to a Missing Authorization vulnerability in the WordPress Survey Maker plugin. Affected: Survey Maker plugin versions through 5.1.9.4. Root cause: misconfigured access control security levels allowing improper authorization checks. Impact: potential confidentiality impa...