
CVE-2025-32167 – WordPress SurveyJS plugin <= 1.12.20 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-32167
04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devsoftbaltic SurveyJS allows Stored XSS. This issue affects SurveyJS: from n/a through 1.12.20. The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.12.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in page... • https://patchstack.com/database/wordpress/plugin/surveyjs/vulnerability/wordpress-surveyjs-plugin-1-12-20-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-32256 – WordPress SurveyJS plugin <= 1.12.20 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-32256
04 Apr 2025 — Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20. The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.12.20. This makes it possible for unauthenticated attackers to perform an u... • https://patchstack.com/database/wordpress/plugin/surveyjs/vulnerability/wordpress-surveyjs-plugin-1-12-20-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-50427 – WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50427
24 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder. This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136. The SurveyJS: Drag & Drop WordPress Form Builder to... • https://github.com/RandomRobbieBF/CVE-2024-50427 • CWE-434: Unrestricted Upload of File with Dangerous Type •