CVE-2025-22664

CVE-2025-22664 affects WordPress Survey Maker plugin versions up to 5.1.3.5. It stems from improper neutralization of inputs during page generation, causing Stored XSS in web pages. Public details indicate the vulnerability exists in affected versions and can be triggered by inputs that aren’t pr...

PT-2025-4614 · Unknown · Survey Maker

Name of the Vulnerable Software and Affected Versions: Survey Maker versions prior to 5.1.3.5 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means that an attacker can inject malicious script...

WordPress plugin Survey Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Survey Maker Plugin <= 5.1.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by astra.r3verii Patchstack Alliance in WordPress Plugin Survey Maker versions = 5.1.3.5...

WordPress Survey Maker plugin <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via Survey Question vulnerability discovered by Joel Indra in WordPress Plugin Survey Maker versions = 5.1.3.3...

WordPress WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin <= 1.7.5 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin WordPress Survey & Poll versions = 1.7.5...

CVE-2024-13596

The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, and including, 1.7.5 due to insufficient escaping on the user supplied parameter and lack of...

CVE-2024-13596 WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) SQL Injection

The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, and including, 1.7.5 due to insufficient escaping on the user supplied parameter and lack of...

PT-2025-2228 · WordPress · Wordpress Survey & Poll

Name of the Vulnerable Software and Affected Versions: WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress versions up to and including 1.7.5 Description: The issue allows authenticated attackers with Contributor-level access and above to inject SQL queries via the id attribute o...

WordPress plugin WordPress Survey & Poll SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...

CVE-2024-13505

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ayssections5questions8title’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-13505 Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ayssections5questions8title’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-13505

CVE-2024-13505 affects the WordPress plugin Survey Maker. It is a Stored XSS vulnerability triggered via the parameter ays_sections[5][questions][8][title] due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with administrator-level access a...

CVE-2024-13505 Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ayssections5questions8title’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Survey Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-2195 · WordPress · Survey Maker

Name of the Vulnerable Software and Affected Versions: Survey Maker plugin for WordPress versions up to, and including, 5.1.3.3 Description: The issue is related to Stored Cross-Site Scripting via the ays sections5questions8title parameter due to insufficient input sanitization and output escapin...

WordPress RS Survey plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin RS Survey versions = 1.0...

CVE-2025-22907

RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function...

World Tour Survey: Cloud Engineers Wrestle with Risk

Trend surveyed 750 cybersecurity professionals in 49 countries to learn more about the state of cybersecurity, from job pressures to the need for more advanced tools. Explore what cloud security engineers teams had to say...

CVE-2025-23111

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website...