SurveyJS: Drag & Drop Form Builder

Vulnerabilities 10Slug surveyjsLatest version 2.5.4WordPress.org →

Minimum safe version

2.5.3

Update to 2.5.3 or later to address 9 fixable vulnerabilities

Latest available2.5.4 ✓⚠ 1 vulnerability has no fix

N/A Unfixed

2026-03-20≤ 2.5.3

SurveyJS: Drag & Drop Form Builder <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting

Medium 4.3

2026-01-24< 2.5.3

CVE-2025-13205

Medium 4.3

2026-01-24< 2.5.3

CVE-2025-13194

Medium 4.3

2026-01-24< 2.5.3

CVE-2025-13139

Medium 4.3

2025-12-02< 1.20.27

CVE-2025-13140

Medium 6.4

2025-05-03< 1.12.33

SurveyJS <= 1.12.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Medium 6.5

2025-04-04< 1.12.57

CVE-2025-32167

Medium 5.3

2025-04-04< 1.12.57

CVE-2025-32256

High 8.8

2025-03-01< 1.12.18

CVE-2024-12544

Critical 9.9

2024-10-29< 1.12.4

CVE-2024-50427