cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8488,https://securityvulnerability.io/vulnerability/CVE-2024-8488,Stored Cross-Site Scripting Vulnerability in Survey Maker Plugin for WordPress,"The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Survey Maker,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-08T11:04:22.539Z,0
CVE-2024-3592,https://securityvulnerability.io/vulnerability/CVE-2024-3592,SQL Injection Vulnerability in The Quiz And Survey Master Plugin for WordPress,"The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",Wordpress,Quiz And Survey Master (qsm) – Easy Quiz And Survey Maker,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-06-07T05:33:47.004Z,0
CVE-2024-4061,https://securityvulnerability.io/vulnerability/CVE-2024-4061,Unfiltered HTML Settings Vulnerability in The Survey Maker WordPress Plugin,"The Survey Maker  WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Survey Maker,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-05-21T06:00:02.007Z,0
CVE-2023-2572,https://securityvulnerability.io/vulnerability/CVE-2023-2572,Survey Maker < 3.4.7 - Reflected XSS,"The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Survey Maker,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2023-06-05T14:15:00.000Z,0
CVE-2023-23490,https://securityvulnerability.io/vulnerability/CVE-2023-23490,Authenticated SQL Injection in Survey Maker Plugin by WordPress,"The Survey Maker Plugin for WordPress prior to version 3.1.2 is susceptible to an SQL injection vulnerability in the 'surveys_ids' parameter of the 'ays_surveys_export_json' action. This flaw allows authenticated users to manipulate SQL queries, potentially leading to unauthorized data access and exposure of sensitive information.",Wordpress,Survey Maker WordPress Plugin,8.8,HIGH,0.0009399999980814755,false,,false,false,false,,false,false,2023-01-20T00:00:00.000Z,0
CVE-2023-0038,https://securityvulnerability.io/vulnerability/CVE-2023-0038,Stored Cross-Site Scripting in Survey Maker WordPress Plugin,"The Survey Maker plugin for WordPress has a vulnerability that allows unauthenticated attackers to execute arbitrary web scripts via injected code in survey answers. This occurs due to a lack of sufficient input sanitization and output escaping in versions up to and including 3.1.3. When users submit quizzes, attackers can exploit this weakness, causing malicious scripts to run anytime someone accesses the submissions page, potentially compromising user data and site integrity.",Wordpress,Survey Maker – Best WordPress Survey Plugin,7.2,HIGH,0.0007399999885819852,false,,false,false,false,,false,false,2023-01-03T14:15:00.000Z,0
CVE-2021-26256,https://securityvulnerability.io/vulnerability/CVE-2021-26256,WordPress Survey Maker plugin <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability,Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).,Wordpress,Survey Maker (WordPress Plugin),4.7,MEDIUM,0.0009800000116229057,false,,false,false,false,,false,false,2022-02-21T18:15:00.000Z,0
CVE-2021-24459,https://securityvulnerability.io/vulnerability/CVE-2021-24459,Survey Maker < 1.5.6 - Authenticated Blind SQL Injections,"The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard",Wordpress,Survey Maker,8.8,HIGH,0.001129999989643693,false,,false,false,false,,false,false,2021-08-02T10:32:04.000Z,0