Medium 6.1 Unfixed
2026-02-20≤ 5.1.7.7
Cross‑Site Scripting in WordPress Survey Maker Plugin
Survey Maker by AYS
Minimum safe version
5.1.9.5
Update to 5.1.9.5 or later to address 25 fixable vulnerabilities
Latest available5.2.2.2 ✓⚠ 1 vulnerability has no fix
Medium 5.3
2025-11-13< 5.1.9.5
CVE-2025-12891
Medium 5.3
2025-11-13< 5.1.9.5
CVE-2025-12892
Medium 6.5
2025-11-14< 5.1.9.5
Survey Maker <= 5.1.9.4 - Missing Authorization
Medium 5.9
2025-10-22< 5.1.8.9
CVE-2025-48095
High 7.1
2025-10-22< 5.1.8.9
CVE-2025-48098
Medium 4.3
2025-04-10< 5.1.6.4
CVE-2025-32275
Medium 5.9
2025-02-04< 5.1.3.6
CVE-2025-22664
Medium 5.5
2025-01-30< 5.1.3.4
WordPress Survey Maker Plugin <= 5.1.3.3 is vulnerable to Cross Site Scripting (XSS)
Medium 5.9
2024-10-29< 5.0.3
CVE-2024-50426
Medium 4.8
2024-10-08< 4.9.6
CVE-2024-8488
Medium 4.8
2024-05-21< 4.2.9
CVE-2024-4061
Medium 5.3
2024-04-03< 4.1.0
CVE-2023-35764
Medium 6.1
2024-04-27< 3.6.4
Survey Maker – Best WordPress Survey Plugin <= 3.6.6 - Unauthenticated Stored Cross-Site Scripting
High 7.1
2024-03-27< 4.0.7
CVE-2024-29918
Medium 5.9
2024-03-19< 4.0.6
CVE-2024-27996
Medium 6.1
2023-06-22< 3.4.7
WordPress Survey Maker Plugin < 3.4.7 is vulnerable to Cross Site Scripting (XSS)
Medium 5.3
2024-12-13< 3.2.1
CVE-2023-22697
High 8.8
2023-01-20< 3.1.2
CVE-2023-23490
Medium 6.1
2023-01-03< 3.1.4
CVE-2023-0038
N/A
2022-12-22< 3.1.2
Survey Maker – Best WordPress Survey Plugin <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
N/A
2022-12-23< 3.1.2
WordPress Survey Maker Plugin <= 3.1.1 is vulnerable to Cross Site Scripting (XSS)
N/A
2021-06-29< 1.5.6
Survey Maker – Best WordPress Survey Plugin <= 1.5.5 - Reflected Cross-Site Scripting
N/A
< 1.5.6
Multiple Plugins from AYS Pro - Reflected Cross-Site Scripting (XSS)
High 8.8
2021-08-02< 1.5.6
CVE-2021-24459
Medium 4.7
2022-02-21< 2.0.7
CVE-2021-26256