Devsoftbaltic Surveyjs: Drag & Drop Form Builder
7 CVEs affecting Devsoftbaltic Surveyjs: Drag & Drop Form Builder. Latest disclosed: 2026-03-21. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-12544 | High | 8.8 | 2025-03-01 | The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary fi… |
CVE-2026-2440 | High | 7.2 | 2026-03-21 | The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This… |
CVE-2025-3815 | Medium | 6.4 | 2025-05-03 | The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.12.32 due to insu… |
CVE-2025-13205 | Medium | 4.3 | 2026-01-24 | The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site R… |
CVE-2025-13194 | Medium | 4.3 | 2026-01-24 | The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site R… |
CVE-2025-13139 | Medium | 4.3 | 2026-01-24 | The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2… |
CVE-2025-13140 | Medium | 4.3 | 2025-12-02 | The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20… |