Cross-Site Scripting Vulnerability in Ays Pro Survey Maker
CVE-2025-48098

7.1HIGH

Key Information:

Vendor: WordPress
Status: Survey Maker
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-48098?

A vulnerability has been identified in the Ays Pro Survey Maker plugin that allows attackers to inject malicious scripts through improper input handling. This Stored Cross-Site Scripting (XSS) flaw can enable unauthorized users to execute scripts in the context of a victim's browser session, potentially leading to data theft or session hijacking. Affected versions include Survey Maker prior to 5.1.8.8, making it crucial for users to update to the latest version to mitigate associated risks.

Affected Version(s)

Survey Maker <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/surv...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
May 15, 2025

Credit

balejin (Patchstack Alliance)

JSON