Ays-pro

Survey Maker

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-50426

  • EPSS 0.18%
  • Veröffentlicht 29.10.2024 09:15:10
  • Zuletzt bearbeitet 18.04.2025 01:25:53

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 5.0.2.

4.8

CVE-2024-8488

  • EPSS 0.28%
  • Veröffentlicht 08.10.2024 11:15:13
  • Zuletzt bearbeitet 23.04.2025 01:10:19

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta...

4.8

CVE-2024-4061

Exploit
  • EPSS 0.37%
  • Veröffentlicht 21.05.2024 06:15:09
  • Zuletzt bearbeitet 18.04.2025 16:16:18

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...

5.3

CVE-2023-35764

  • EPSS 0.24%
  • Veröffentlicht 03.04.2024 08:15:49
  • Zuletzt bearbeitet 10.10.2025 17:18:24

Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.

6.1

CVE-2023-34423

  • EPSS 0.25%
  • Veröffentlicht 03.04.2024 08:15:48
  • Zuletzt bearbeitet 10.10.2025 17:18:42

Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the admin...

5.4

CVE-2024-29918

  • EPSS 0.29%
  • Veröffentlicht 27.03.2024 08:15:38
  • Zuletzt bearbeitet 11.04.2025 20:23:06

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This issue affects Survey Maker: from n/a through 4.0.6.

4.8

CVE-2024-27996

  • EPSS 0.06%
  • Veröffentlicht 19.03.2024 17:15:10
  • Zuletzt bearbeitet 16.04.2025 14:51:28

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 4.0.5.

6.1

CVE-2023-2572

Exploit
  • EPSS 0.15%
  • Veröffentlicht 05.06.2023 14:15:10
  • Zuletzt bearbeitet 08.01.2025 17:15:11

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

8.8

CVE-2023-23490

Exploit
  • EPSS 1.43%
  • Veröffentlicht 20.01.2023 19:15:18
  • Zuletzt bearbeitet 03.04.2025 20:15:22

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.

6.1

CVE-2023-0038

Exploit
  • EPSS 1.98%
  • Veröffentlicht 03.01.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:26

The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it p...