"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3
Critical: 0
High: 1
Medium: 2
Showing 1-3 of 3 records
Threat Entry Updated 2026-01-26

CVE-2025-13205 - Style And Embed Multiple Forms Of Any Complexity Plugin

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing or incorrect nonce validation on the `SurveyJS_CloneSurvey` AJAX action. This makes it possible for unauthenticated attackers to duplicate surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Style And Embed Multiple Forms Of Any Complexity

CVE-2025-13205

MEDIUM CVSS 4.3 2026-01-24

Threat Entry Updated 2026-01-26

CVE-2025-13194 - Style And Embed Multiple Forms Of Any Complexity Plugin

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce verification on the `SurveyJS_RenameSurvey` AJAX action. This makes it possible for unauthenticated attackers to rename surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Style And Embed Multiple Forms Of Any Complexity

CVE-2025-13194

MEDIUM CVSS 4.3 2026-01-24

Threat Entry Updated 2025-03-01

CVE-2024-12544 - Style And Embed Multiple Forms Of Any Complexity Plugin

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable…

PLUGIN Style And Embed Multiple Forms Of Any Complexity

CVE-2024-12544

HIGH CVSS 8.8 2025-03-01