Stored XSS Flaw in Survey Maker by Survey Maker Team
CVE-2025-22664

4.8MEDIUM

Key Information:

Vendor: WordPress
Status: Survey Maker
Vendor: CVE Published:; 4 February 2025

What is CVE-2025-22664?

A stored cross-site scripting vulnerability exists in Survey Maker versions up to and including 5.1.3.5. This vulnerability arises due to improper neutralization of user input during web page generation, allowing an attacker to inject malicious scripts. When other users interact with the compromised survey, these scripts can execute in their browsers, potentially compromising sensitive information or facilitating further attacks.

Affected Version(s)

Survey Maker <= 5.1.3.5

References

https://patchstack.com/database/wordpress/plugin/survey-m...

vdb-entry

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

astra.r3verii (Patchstack Alliance)