Userfeedback Lite

Source repositories

https://plugins.svn.wordpress.org/userfeedback-lite/

CVEs (5)

CVE	Sev	Risk	CVSS	Published	Description
CVE-2026-39475	Hig	0.49	7.6	Apr 8, 2026	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.1.
CVE-2025-68496	Hig	0.49	7.6	Dec 24, 2025	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.0.
CVE-2025-10694	Med	0.34	5.3	Oct 25, 2025	The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address.
CVE-2023-50887	Med	0.34	5.3	Dec 9, 2024	Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.0.10.
CVE-2026-39476	Med	0.28	4.3	Apr 8, 2026	Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.

CVE-2026-39475HigApr 8, 2026
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.1.
CVE-2025-68496HigDec 24, 2025
risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through <= 1.10.0.
CVE-2025-10694MedOct 25, 2025
risk 0.34cvss 5.3epss 0.00
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address.
CVE-2023-50887MedDec 9, 2024
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.0.10.
CVE-2026-39476MedApr 8, 2026
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.