WordPress Plugin Vulnerabilities

Survey Maker < 5.1.6.4 - Unauthenticated Authorization Bypass

Description

The plugin is vulnerable to authorization bypass. This makes it possible for unauthenticated attackers to by bypass some level of control, though it is unclear what this means from the original reporting CNA.

Affects Plugins

Plugin icon
survey-maker
Fixed in 5.1.6.4

References

CVE
CVE-2025-32275
URL
https://patchstack.com/database/wordpress/plugin/survey-maker/vulnerability/wordpress-survey-maker-plugin-5-1-5-0-bypass-vulnerability-vulnerability

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
astra.r3verii
Verified
No
WPVDB ID
32cc9fad-2e24-4611-8d2c-f465a85f79ff

Timeline

Publicly Published
2025-04-07 (about 1 year ago)
Added
2025-04-15 (about 1 year ago)
Last Updated
2025-05-27 (about 1 year ago)

Other

Published
Title
Published
2024-12-17
Title
Biagiotti Membership < 1.1 - Authentication Bypass via biagiotti_membership_check_facebook_user
Published
2024-11-28
Title
Icegram Engage < 3.1.32 - Admin+ Stored XSS
Published
2025-11-04
Title
KiotViet Sync <= 1.8.5 - Authorization Bypass via Use of Hard-coded Password
Published
2024-10-10
Title
Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator
Published
2024-10-22
Title
WooCommerce Order Proposal < 2.0.6 - Authenticated (Shop Manager+) Privilege Escalation via Order Proposal