19 matches found
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Creation vulnerability
Cross-Site Request Forgery to Survey Creation vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions <= 1.12.20...
CVE-2025-13205 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.20 - Cross-Site Request Forgery to Survey Cloning
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the...
CVE-2025-13205
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the...
CVE-2025-13194
CVE-2025-13194 – SurveyJS WordPress CSRF in Survey Renaming Affected software: SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress (versions
CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...
WordPress plugin SurveyJS: Drag & Drop WordPress Form Builder – Cross-site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
WordPress plugin SurveyJS: Drag & Drop WordPress Form Builder – Cross-site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress SurveyJS plugin <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion vulnerability
Cross-Site Request Forgery to Survey Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin SurveyJS versions <= 1.12.20...
CVE-2025-13140
CVE-2025-13140 affects the SurveyJS: Drag & Drop Form Builder WordPress plugin. It is a CSRF vulnerability caused by missing nonce validation on the SurveyJS_DeleteSurvey AJAX action, allowing unauthenticated attackers to delete surveys via forged requests if a site admin is tricked. Impact is de...
PT-2025-48648
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS DeleteSurvey AJAX action. This makes it possible for unauthenticated attackers t...
WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan in WordPress Plugin Giveaways and Contests by RafflePress versions <= 1.12.20...
EUVD-2025-198477
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery. This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20...
CVE-2025-66064 WordPress Giveaways and Contests by RafflePress plugin <= 1.12.20 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery. This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20...
CVE-2025-66064
CVE-2025-66064 : WordPress plugin Giveaways and Contests by RafflePress (versions = 1.12.20 or as indicated by the vendor) or apply vendor-provided mitigation per the connected docs. Monitor for additional updates from Red Hat/ENISA/CVE listings as referenced.
CVE-2025-32167
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devsoftbaltic SurveyJS surveyjs allows Stored XSS. This issue affects SurveyJS: from n/a through <= 1.12.20...
D-BUS Resource Management Error Vulnerability
D-Bus is a message bus system that is primarily used for inter-process communication and remote procedure calls, among other things. A resource management error vulnerability exists in D-Bus 1.12.20 that results in a crash or other undefined behavior...
WordPress Contact Form Maker 1.12.20 XSS / CSRF / SQL Injection
DefenseCode ThunderScan SAST Advisory: WordPress Contact Form Maker Plugin Multiple Security Vulnerabilities Advisory ID: DC-2018-05-004 Advisory Title: WordPress Contact Form Maker Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Contact...
WordPress Plugin Form Maker 1.12.20 - CSV Injection
Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to Formula Injection (CSV Injection) Google Dork: N/A Date: 27-04-2018 Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version: 1.12.20 and before Category: Plugins and Extensions...
JVN#18926672: Zend Framework vulnerable to SQL injection
Zend Framework is an open source web application framework. Zend Framework 1 contains an SQL injection vulnerability (CWE-89) due to a flaw in processing parameters in the ORDER BY and GROUP BY clauses. Impact: Information stored in the database may be obtained or altered by a remote attacker...