WordPress Plugin Vulnerabilities

Survey Maker < 2.0.7 - Unauthenticated Store Cross-Site Scripting

Description

The plugin is affected by an unauthenticated Stored Cross-Site Scripting issue

Affects Plugins

Plugin icon
survey-maker
Fixed in 2.0.7

References

CVE
CVE-2021-26256

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
821a2cdb-5077-48d7-9bfe-0226f2f7350a

Timeline

Publicly Published
2021-12-03 (about 4 years ago)
Added
2022-02-21 (about 4 years ago)
Last Updated
2022-04-10 (about 3 years ago)

Other

Published
Title
Published
2025-11-07
Title
Mang Board WP < 2.3.2 - Reflected Cross-Site Scripting
Published
2024-01-26
Title
Exclusive Addons for Elementor < 2.6.9 - Contributor+ Stored XSS
Published
2025-12-30
Title
e-shops <= 1.0.4 - Reflected Cross-Site Scripting
Published
2024-11-07
Title
Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS
Published
2023-03-14
Title
Admin side data storage for Contact Form 7 <= 1.1.1 - Unauthenticated Reflected XSS