Skip to main content

Survey Maker

10 CVEs product

Monthly

CVE-2026-57361 HIGH This Week

Stored/reflected cross-site scripting in the Survey Maker WordPress plugin (versions 5.2.2.5 and earlier by AYS Pro) lets unauthenticated remote attackers inject JavaScript that executes in a victim's browser after they interact with a crafted page or survey. The CVSS scope-change flag (S:C) indicates the injected script escapes the plugin's context to affect the wider WordPress site, potentially reaching authenticated admin sessions. This is a Patchstack-reported issue with no public exploit identified at time of analysis and no CISA KEV listing.

XSS Survey Maker
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-13505 MEDIUM PATCH This Month

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Survey Maker
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-8488 MEDIUM PATCH This Month

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Survey Maker
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-4061 MEDIUM POC This Month

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Survey Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-29918 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.0.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Survey Maker
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-27996 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey Maker
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-2572 MEDIUM POC This Month

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Survey Maker
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23490 HIGH POC This Week

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Survey Maker
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-0038 HIGH POC This Week

The "Survey Maker - Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Survey Maker
NVD VulDB
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-24459 HIGH POC This Week

The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Survey Maker
NVD WPScan
CVSS 3.1
8.8
EPSS
1.4%
EPSS 0% CVSS 7.1
HIGH This Week

Stored/reflected cross-site scripting in the Survey Maker WordPress plugin (versions 5.2.2.5 and earlier by AYS Pro) lets unauthenticated remote attackers inject JavaScript that executes in a victim's browser after they interact with a crafted page or survey. The CVSS scope-change flag (S:C) indicates the injected script escapes the plugin's context to affect the wider WordPress site, potentially reaching authenticated admin sessions. This is a Patchstack-reported issue with no public exploit identified at time of analysis and no CISA KEV listing.

XSS Survey Maker
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Survey Maker
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Survey Maker
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Survey Maker
NVD WPScan
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.0.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Survey Maker
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey Maker
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Survey Maker
NVD WPScan
EPSS 2% CVSS 8.8
HIGH POC This Week

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Survey Maker
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

The "Survey Maker - Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Survey Maker
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Survey Maker
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy