cleantalk
Vulnerabilities and Security Researches

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity, CVE-2025-32167

CVE, Research URL

CVE-2025-32167

Home page URL

Security reports for SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Application

SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity

Published on
Apr 04, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devsoftbaltic SurveyJS allows Stored XSS. This issue affects SurveyJS: from n/a through 1.12.20.
Affected versions
Min -, max 1.12.20.
Status
vulnerable
Previous vulnerability researches
SWM – Shopify to WooCommerce Migration (CVE-2025-31795) , Apr 05, 2025
New vulnerability
RDP Wiki Embed (CVE-2025-32262) , Apr 06, 2025
AdMail – Back in-stock notifier for WooCommerce (CVE-2025-32234) , Apr 06, 2025
Course Booking System (CVE-2025-32253) , Apr 06, 2025
Radius Blocks – WordPress Gutenberg Blocks (CVE-2025-32159) , Apr 06, 2025
Wishlist (CVE-2025-32272) , Apr 06, 2025