VYPR
Vendor

Surveyjs

Products
5
CVEs
6
Across products
7
Status
Private

Products

5

Recent CVEs

6
  • CVE-2025-3815MedMay 3, 2025
    risk 0.35cvss 6.4epss 0.00

    The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.12.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-36043MedMay 18, 2024
    risk 0.33cvss 6.1epss 0.00

    question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.

  • CVE-2025-13205MedJan 24, 2026
    risk 0.28cvss 4.3epss 0.00

    The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the…

  • CVE-2025-13194MedJan 24, 2026
    risk 0.21cvss 4.3epss 0.00

    The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the…

  • CVE-2025-13139MedJan 24, 2026
    risk 0.21cvss 4.3epss 0.00

    The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJS_AddSurvey AJAX action. This makes it possible for…

  • CVE-2025-13140MedDec 2, 2025
    risk 0.21cvss 4.3epss 0.00

    The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes it possible for…