Ays-pro Survey_maker
16 CVEs affecting Ays-pro Survey_maker. Latest disclosed: 2025-04-10. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-23490 | High | 8.8 | 2023-01-20 | The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surv… |
CVE-2021-24459 | High | 8.8 | 2021-08-02 | The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before us… |
CVE-2023-0038 | High | 7.2 | 2023-01-03 | The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and i… |
CVE-2024-29918 | High | 7.1 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This… |
CVE-2023-34423 | Medium | 6.1 | 2024-04-03 | Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on th… |
CVE-2023-2572 | Medium | 6.1 | 2023-06-05 | The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scrip… |
CVE-2025-22664 | Medium | 5.9 | 2025-02-04 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This… |
CVE-2024-50426 | Medium | 5.9 | 2024-10-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This… |
CVE-2024-27996 | Medium | 5.9 | 2024-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This iss… |
CVE-2024-13505 | Medium | 5.5 | 2025-01-26 | The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up… |
CVE-2023-22697 | Medium | 5.3 | 2024-12-13 | Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect… |
CVE-2023-35764 | Medium | 5.3 | 2024-04-03 | Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when postin… |
CVE-2024-4061 | Medium | 4.8 | 2024-05-21 | The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf… |
CVE-2021-26256 | Medium | 4.7 | 2022-02-21 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). |
CVE-2024-8488 | Medium | 4.4 | 2024-10-08 | The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insuffi… |
CVE-2025-32275 | Medium | 4.3 | 2025-04-10 | Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey Maker: from n/a through… |