CVE-2023-0038: XSS
First published: Tue Jan 03 2023(Updated: )
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.
Credit: security@wordfence.com security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ays-pro Survey Maker | <=3.1.3 | |
| <=3.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Survey Maker plugin?
The vulnerability ID for the Survey Maker plugin is CVE-2023-0038.
What is the severity of CVE-2023-0038?
The severity of CVE-2023-0038 is high with a CVSS score of 6.1.
How does the vulnerability in the Survey Maker plugin occur?
The vulnerability in the Survey Maker plugin is a Stored Cross-Site Scripting (XSS) vulnerability that occurs due to insufficient input sanitization and output escaping in the handling of survey answers.
What is the affected software version for CVE-2023-0038?
The affected software version for CVE-2023-0038 is up to and including version 3.1.3 of the Survey Maker plugin.
Is authentication required to exploit CVE-2023-0038?
No, authentication is not required to exploit CVE-2023-0038.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/ays-pro
- canonical/ays-pro survey maker
- version/ays-pro survey maker/3.1.3