cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forsurveyjs surveyjs

Direction: ascending
Oct 27, 2024

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity # CVE-2024-50427

CVE, Research URL

CVE-2024-50427

Home page URL

Security reports for SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Application

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Date
Oct 29, 2024
Research Description
Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136.
Affected versions
Min -, max -.
Status
vulnerable
Mar 02, 2025

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity # CVE-2024-12544

CVE, Research URL

CVE-2024-12544

Home page URL

Security reports for SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Application

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Date
Mar 01, 2025
Research Description
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20.
Affected versions
Min -, max -.
Status
vulnerable
Apr 05, 2025

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity # CVE-2025-32256

CVE, Research URL

CVE-2025-32256

Home page URL

Security reports for SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Application

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Date
Apr 04, 2025
Research Description
Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20.
Affected versions
Min -, max -.
Status
vulnerable

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity # CVE-2025-32167

CVE, Research URL

CVE-2025-32167

Home page URL

Security reports for SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Application

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Date
Apr 04, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devsoftbaltic SurveyJS allows Stored XSS. This issue affects SurveyJS: from n/a through 1.12.20.
Affected versions
Min -, max -.
Status
vulnerable