CVE-2023-23490

HIGH

Survey Maker WordPress Plugin < 3.1.2 - Authenticated SQL Injection via surveys_ids Parameter

Title source: llm
STIX 2.1

Description

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0234
EPSS Percentile 81.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
ays-pro/survey_maker < 3.1.2
Published Jan 20, 2023
Tracked Since Feb 18, 2026