Surveyjs
Products (5)
- 4 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3815 | | Med | 0.35 | 6.4 | 0.00 | | May 3, 2025 | The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.12.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… |
| CVE-2024-36043 | | Med | 0.33 | 6.1 | 0.00 | | May 18, 2024 | question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property. |
| CVE-2025-13205 | | Med | 0.28 | 4.3 | 0.00 | | Jan 24, 2026 | The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the… |
| CVE-2025-13194 | | Med | 0.21 | 4.3 | 0.00 | | Jan 24, 2026 | The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the… |
| CVE-2025-13139 | | Med | 0.21 | 4.3 | 0.00 | | Jan 24, 2026 | The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJS_AddSurvey AJAX action. This makes it possible for… |
| CVE-2025-13140 | | Med | 0.21 | 4.3 | 0.00 | | Dec 2, 2025 | The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes it possible for… |