Published:2026/02/20 Last Updated:2026/02/20
JVN#20049394
WordPress Plugin "Survey Maker" vulnerable to cross-site scripting
Overview
WordPress Plugin "Survey Maker" provided by Ays Pro contains a cross-site scripting vulnerability.
Products Affected
- Survey Maker versions 5.1.7.7 and prior
Description
WordPress Plugin "Survey Maker" provided by Ays Pro contains the following vulnerability.
- Cross-site scripting (CWE-79)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1
- CVE-2026-26370
Impact
An arbitrary script may be executed in a user's web browser.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Ays Pro | Survey Maker |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-26370 |
| JVN iPedia |
JVNDB-2026-000027 |