Search criteria
5 vulnerabilities found for Survey Maker by AYS Pro Plugins
CVE-2023-35764 (GCVE-0-2023-35764)
Vulnerability from cvelistv5 – Published: 2024-04-03 07:10 – Updated: 2024-08-12 20:21
VLAI?
Summary
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
Severity ?
5.3 (Medium)
CWE
- Insufficient verification of data authenticity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AYS Pro Plugins | Survey Maker |
Affected:
prior to 4.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:44.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/survey-maker/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51098626/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "survey_maker",
"vendor": "ays-pro",
"versions": [
{
"lessThan": "4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-35764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T20:18:24.312370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:21:25.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Survey Maker",
"vendor": "AYS Pro Plugins",
"versions": [
{
"status": "affected",
"version": "prior to 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient verification of data authenticity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T07:10:07.459Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/survey-maker/"
},
{
"url": "https://jvn.jp/en/jp/JVN51098626/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-35764",
"datePublished": "2024-04-03T07:10:07.459Z",
"dateReserved": "2023-08-24T08:08:43.129Z",
"dateUpdated": "2024-08-12T20:21:25.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34423 (GCVE-0-2023-34423)
Vulnerability from cvelistv5 – Published: 2024-04-03 07:09 – Updated: 2024-11-06 14:40
VLAI?
Summary
Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege.
Severity ?
6.1 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AYS Pro Plugins | Survey Maker |
Affected:
prior to 3.6.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-34423",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:42:37.716453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:40:54.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/survey-maker/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51098626/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Survey Maker",
"vendor": "AYS Pro Plugins",
"versions": [
{
"status": "affected",
"version": "prior to 3.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T07:09:42.923Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/survey-maker/"
},
{
"url": "https://jvn.jp/en/jp/JVN51098626/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-34423",
"datePublished": "2024-04-03T07:09:42.923Z",
"dateReserved": "2023-08-24T08:08:44.050Z",
"dateUpdated": "2024-11-06T14:40:54.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35764 (GCVE-0-2023-35764)
Vulnerability from nvd – Published: 2024-04-03 07:10 – Updated: 2024-08-12 20:21
VLAI?
Summary
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
Severity ?
5.3 (Medium)
CWE
- Insufficient verification of data authenticity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AYS Pro Plugins | Survey Maker |
Affected:
prior to 4.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:44.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/survey-maker/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51098626/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "survey_maker",
"vendor": "ays-pro",
"versions": [
{
"lessThan": "4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-35764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T20:18:24.312370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:21:25.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Survey Maker",
"vendor": "AYS Pro Plugins",
"versions": [
{
"status": "affected",
"version": "prior to 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient verification of data authenticity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T07:10:07.459Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/survey-maker/"
},
{
"url": "https://jvn.jp/en/jp/JVN51098626/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-35764",
"datePublished": "2024-04-03T07:10:07.459Z",
"dateReserved": "2023-08-24T08:08:43.129Z",
"dateUpdated": "2024-08-12T20:21:25.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34423 (GCVE-0-2023-34423)
Vulnerability from nvd – Published: 2024-04-03 07:09 – Updated: 2024-11-06 14:40
VLAI?
Summary
Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege.
Severity ?
6.1 (Medium)
CWE
- Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AYS Pro Plugins | Survey Maker |
Affected:
prior to 3.6.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-34423",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:42:37.716453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:40:54.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/survey-maker/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51098626/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Survey Maker",
"vendor": "AYS Pro Plugins",
"versions": [
{
"status": "affected",
"version": "prior to 3.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T07:09:42.923Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/survey-maker/"
},
{
"url": "https://jvn.jp/en/jp/JVN51098626/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-34423",
"datePublished": "2024-04-03T07:09:42.923Z",
"dateReserved": "2023-08-24T08:08:44.050Z",
"dateUpdated": "2024-11-06T14:40:54.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2024-000035
Vulnerability from jvndb - Published: 2024-03-27 14:48 - Updated:2024-03-27 14:48
Severity ?
Summary
Multiple vulnerabilities in WordPress Plugin "Survey Maker"
Details
WordPress Plugin "Survey Maker" provided by AYS Pro Plugins contains multiple vulnerabilities listed below.
- Stored cross-site scripting (CWE-79) - CVE-2023-34423
- Insufficient verification of data authenticity (CWE-345) - CVE-2023-35764
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000035.html",
"dc:date": "2024-03-27T14:48+09:00",
"dcterms:issued": "2024-03-27T14:48+09:00",
"dcterms:modified": "2024-03-27T14:48+09:00",
"description": "WordPress Plugin \"Survey Maker\" provided by AYS Pro Plugins contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eStored cross-site scripting (CWE-79) - CVE-2023-34423\u003c/li\u003e\r\n\u003cli\u003eInsufficient verification of data authenticity (CWE-345) - CVE-2023-35764\u003c/li\u003e\u003c/ul\u003e\r\nAtsuya Yoda of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000035.html",
"sec:cpe": [
{
"#text": "cpe:/a:ays-pro_plugins:survey_maker",
"@product": "Survey Maker",
"@vendor": "AYS Pro Plugins",
"@version": "2.2"
},
{
"#text": "cpe:/a:ays-pro_plugins:survey_maker",
"@product": "Survey Maker",
"@vendor": "AYS Pro Plugins",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000035",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN51098626/index.html",
"@id": "JVN#51098626",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-34423",
"@id": "CVE-2023-34423",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-35764",
"@id": "CVE-2023-35764",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in WordPress Plugin \"Survey Maker\""
}