Survey maker

This hub aggregates every CVE we track for Survey maker, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Plugins

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM17HIGH5

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Survey maker.

CVE-2026-26370WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web br...6.1Feb 20, 2026
CVE-2025-64276WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability6.5Nov 13, 2025
CVE-2025-12891Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Information Exposure5.3Nov 13, 2025
CVE-2025-12892Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Limited Option Update5.3Nov 13, 2025
CVE-2025-48098WordPress Survey Maker plugin <= 5.1.8.8 - Cross Site Scripting (XSS) vulnerability7.1Oct 22, 2025
CVE-2025-48095WordPress Survey Maker plugin <= 5.1.8.8 - Cross Site Scripting (XSS) vulnerability5.9Oct 22, 2025
CVE-2025-32275WordPress Survey Maker plugin <= 5.1.6.3 - Bypass vulnerability4.3Apr 10, 2025
CVE-2025-22664WordPress Survey Maker Plugin <= 5.1.3.5 - Cross Site Scripting (XSS) vulnerability5.9Feb 4, 2025
CVE-2024-13505Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question5.5Jan 26, 2025
CVE-2023-22697WordPress Survey Maker plugin <= 3.2.0 - Broken Access Control vulnerability5.3Dec 13, 2024
CVE-2024-50426WordPress Survey Maker plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability5.9Oct 29, 2024
CVE-2024-8488Survey Maker – Customer Satisfaction Questionnaire, Chat Survey, Calculation Form, Payment Forms <= 4.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting4.4Oct 8, 2024
CVE-2024-4061Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings4.8May 21, 2024
CVE-2023-35764Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.5.3Apr 3, 2024
CVE-2023-34423Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is loggi...6.1Apr 3, 2024

Product normalization is registry-driven with AI assist and human review. How it works