Home

Description

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via survey result submissions. This is due to insufficient input sanitization and output escaping. The public survey page exposes the nonce required for submission, allowing unauthenticated attackers to submit HTML-encoded payloads that are decoded and rendered as executable HTML when an administrator views survey results, leading to stored XSS in the admin context.

PUBLISHED Reserved 2026-02-12 | Published 2026-03-21 | Updated 2026-04-08 | Assigner Wordfence




HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
unaffected

Any version
affected

Timeline

2026-03-20:Disclosed

Credits

Daniel Basta finder

References

www.wordfence.com/...-940f-46b6-9880-34d730adad3c?source=cve

plugins.trac.wordpress.org/.../ajax_handlers/save_result.php

plugins.trac.wordpress.org/...s/tags/2.5.2/views/results.php

cve.org (CVE-2026-2440)

nvd.nist.gov (CVE-2026-2440)

Download JSON