CVE-2023-2572: Survey Maker < 3.4.7 - Reflected XSS
First published: Mon Jun 05 2023(Updated: )
The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ays-pro Survey Maker | <3.4.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Survey Maker WordPress plugin vulnerability?
The vulnerability ID for the Survey Maker WordPress plugin vulnerability is CVE-2023-2572.
What is the severity of CVE-2023-2572?
The severity of CVE-2023-2572 is medium with a severity value of 6.1.
What is the affected software for CVE-2023-2572?
The affected software for CVE-2023-2572 is the Survey Maker WordPress plugin version up to and excluding 3.4.7.
What is the description of CVE-2023-2572?
CVE-2023-2572 is a vulnerability in the Survey Maker WordPress plugin before version 3.4.7 that allows Reflected Cross-Site Scripting, which can be exploited against high privilege users like admin.
How can I mitigate the vulnerability in the Survey Maker WordPress plugin?
To mitigate the vulnerability, update to version 3.4.7 or later of the Survey Maker WordPress plugin.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/title
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- vendor/ays-pro
- canonical/ays-pro survey maker