Survey Maker < 3.1.4 – Unauthenticated Stored XSS | CVE 2023-0038

Affects Plugins

survey-maker

Fixed in 3.1.4

References

CVE

CVE-2023-0038

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.8 (high)

Miscellaneous

Original Researcher

Chloe Chamberland

Verified

No

WPVDB ID

5b2fbbb5-6fa6-433c-818d-c5643fe42bfa

Timeline

Publicly Published

2023-01-03 (about 3 years ago)

Added

2023-01-03 (about 3 years ago)

Last Updated

2023-01-03 (about 3 years ago)

Other

Published

Title

Published

2023-06-22

Title

Event Manager for WooCommerce < 3.9.6 - Editor+ Stored Cross-Site Scripting

Published

2025-04-21

Title

WP Import Export Lite < 3.9.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Published

2024-12-05

Title

Event Tickets with Ticket Scanner < 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

Published

2023-01-23

Title

Image and Video Lightbox, Image PopUp < 2.1.6 - Admin+ Stored XSS

Published

2014-08-01

Title

jaspreetchahals-coupons-lite <= 2.1 - XSS in ZeroClipboard