Every CVE whose affected-product data names Ays-pro Survey Maker, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2021-24459 — CVSS 8.8 (high): The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby…
CVE-2023-23490 — CVSS 8.8 (high): The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids'…
CVE-2023-0038 — CVSS 7.2 (high): The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in…
CVE-2024-29918 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows…
CVE-2023-2572 — CVSS 6.1 (medium): The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to…
CVE-2023-34423 — CVSS 6.1 (medium): Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script…
CVE-2025-22664 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker…
CVE-2024-50426 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker…
CVE-2024-27996 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows…
CVE-2024-13505 — CVSS 5.5 (medium): The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’…
CVE-2023-35764 — CVSS 5.3 (medium): Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP…
CVE-2023-22697 — CVSS 5.3 (medium): Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security…
CVE-2024-4061 — CVSS 4.8 (medium): The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users…
CVE-2024-8488 — CVSS 4.4 (medium): The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including…
CVE-2025-32275 — CVSS 4.3 (medium): Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey…