
CVE-2025-32167 – WordPress SurveyJS plugin <= 1.12.20 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32167
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devsoftbaltic SurveyJS allows Stored XSS. This issue affects SurveyJS: from n/a through 1.12.20. The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.12.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in page... • https://patchstack.com/database/wordpress/plugin/surveyjs/vulnerability/wordpress-surveyjs-plugin-1-12-20-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-32256 – WordPress SurveyJS plugin <= 1.12.20 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-32256
04 Apr 2025 — Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20. The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.12.20. This makes it possible for unauthenticated attackers to perform an u... • https://patchstack.com/database/wordpress/plugin/surveyjs/vulnerability/wordpress-surveyjs-plugin-1-12-20-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-50427 – WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50427
24 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder. This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136. The SurveyJS: Drag & Drop WordPress Form Builder to... • https://github.com/RandomRobbieBF/CVE-2024-50427 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-28635 – SurveyJS Survey Creator 1.9.132 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-28635
19 Mar 2024 — Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. SurveyJS Survey Creator versions 1.9.132 and below suffer from both reflective a... • https://packetstorm.news/files/id/177658 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •