Vulnerabilities > AYS PRO > Survey Maker > 1.2.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-10 | CVE-2025-32275 | Authentication Bypass by Spoofing vulnerability in Ays-Pro Survey Maker Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. | 5.3 |
| 2025-01-26 | CVE-2024-13505 | Cross-site Scripting vulnerability in Ays-Pro Survey Maker The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-12-13 | CVE-2023-22697 | Missing Authorization vulnerability in Ays-Pro Survey Maker Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0. | 9.8 |
| 2024-03-27 | CVE-2024-29918 | Unspecified vulnerability in Ays-Pro Survey Maker Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This issue affects Survey Maker: from n/a through 4.0.6. | 5.4 |
| 2024-03-19 | CVE-2024-27996 | Unspecified vulnerability in Ays-Pro Survey Maker Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 4.0.5. | 4.8 |
| 2023-06-05 | CVE-2023-2572 | Unspecified vulnerability in Ays-Pro Survey Maker The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
| 2023-01-20 | CVE-2023-23490 | SQL Injection vulnerability in Ays-Pro Survey Maker The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. | 8.8 |
| 2023-01-03 | CVE-2023-0038 | Unspecified vulnerability in Ays-Pro Survey Maker The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2022-02-21 | CVE-2021-26256 | Cross-site Scripting vulnerability in Ays-Pro Survey Maker Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). | 6.1 |
| 2021-08-02 | CVE-2021-24459 | Unspecified vulnerability in Ays-Pro Survey Maker The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | 8.8 |