VYPR

SurveyJS: Drag & Drop WordPress Form Builder

by WordPress

CVEs (2)

  • CVE-2024-12544HigMar 1, 2025
    risk 0.50cvss 8.8epss 0.01

    The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions…

  • CVE-2025-13140MedDec 2, 2025
    risk 0.21cvss 4.3epss 0.00

    The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes it possible for…