Ays-pro Survey_maker

16 CVEs affecting Ays-pro Survey_maker. Latest disclosed: 2025-04-10. Critical: 0, High: 4.

Top CVEs affecting Ays-pro Survey_maker
CVESeverityScorePublishedSummary
CVE-2023-23490High8.82023-01-20The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surv…
CVE-2021-24459High8.82021-08-02The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before us…
CVE-2023-0038High7.22023-01-03The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and i…
CVE-2024-29918High7.12024-03-27Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This…
CVE-2023-34423Medium6.12024-04-03Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on th…
CVE-2023-2572Medium6.12023-06-05The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scrip…
CVE-2025-22664Medium5.92025-02-04Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This…
CVE-2024-50426Medium5.92024-10-29Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This…
CVE-2024-27996Medium5.92024-03-19Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This iss…
CVE-2024-13505Medium5.52025-01-26The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up…
CVE-2023-22697Medium5.32024-12-13Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…
CVE-2023-35764Medium5.32024-04-03Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when postin…
CVE-2024-4061Medium4.82024-05-21The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf…
CVE-2021-26256Medium4.72022-02-21Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).
CVE-2024-8488Medium4.42024-10-08The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insuffi…
CVE-2025-32275Medium4.32025-04-10Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey Maker: from n/a through…