{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13194", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-14T15:37:10.643Z", "datePublished": "2026-01-24T09:08:08.275Z", "dateUpdated": "2026-04-08T17:14:39.599Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:14:39.599Z"}, "affected": [{"vendor": "devsoftbaltic", "product": "SurveyJS: Drag & Drop Form Builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJS_RenameSurvey' AJAX action. This makes it possible for unauthenticated attackers to rename surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab88f0cf-971f-43e1-b6b7-4eb55188ecc8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/surveyjs/tags/1.12.20/ajax_handlers/rename_survey.php#L12"}, {"url": "https://plugins.trac.wordpress.org/changeset/3446910/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab"}], "timeline": [{"time": "2026-01-23T20:33:35.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-26T17:39:34.025603Z", "id": "CVE-2025-13194", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T17:39:41.909Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13194", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-26T17:39:34.025603Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T17:39:37.858Z"}}], "cna": {"title": "SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 2.5.2 - Cross-Site Request Forgery to Survey Renaming", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "devsoftbaltic", "product": "SurveyJS: Drag & Drop Form Builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.5.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-23T20:33:35.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab88f0cf-971f-43e1-b6b7-4eb55188ecc8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/surveyjs/tags/1.12.20/ajax_handlers/rename_survey.php#L12"}, {"url": "https://plugins.trac.wordpress.org/changeset/3446910/"}], "descriptions": [{"lang": "en", "value": "The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJS_RenameSurvey' AJAX action. This makes it possible for unauthenticated attackers to rename surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:14:39.599Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13194", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:14:39.599Z", "dateReserved": "2025-11-14T15:37:10.643Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-24T09:08:08.275Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce verification on the 'SurveyJS_RenameSurvey' AJAX action. This makes it possible for unauthenticated attackers to rename surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin SurveyJS: Drag &amp; Drop WordPress Form Builder para crear, dise\u00f1ar e incrustar m\u00faltiples formularios de cualquier complejidad para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 1.12.20, inclusive. Esto se debe a la falta de verificaci\u00f3n de nonce en la acci\u00f3n AJAX 'SurveyJS_RenameSurvey'. Esto hace posible que atacantes no autenticados renombren encuestas a trav\u00e9s de una petici\u00f3n falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-13194", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-24T09:15:51.713", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/surveyjs/tags/1.12.20/ajax_handlers/rename_survey.php#L12"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3446910/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab88f0cf-971f-43e1-b6b7-4eb55188ecc8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T23:52:49.115717+00:00", "value": {"mitigation_remediation": ["Update the SurveyJS plugin to the latest version that includes nonce verification for the rename action.", "If an immediate plugin update is not feasible, restrict access to the 'SurveyJS_RenameSurvey' endpoint so that only logged\u2011in administrators can invoke it and block anonymous requests.", "Add a custom WordPress filter or server rule to enforce CSRF token validation on the rename AJAX action until the official patch is applied.", "Monitor the WP Admin dashboard or audit logs for unexpected survey name changes and alert site owners if such events occur."], "summary": {"action": "Apply plugin update", "impact": "Impersonated administrative action: unauthorized survey renaming via CSRF"}, "threat_synthesis": {"affected_systems": "This vulnerability affects the devsoftbaltic SurveyJS: Drag & Drop Form Builder plugin for WordPress. All releases through and including 2.5.2 are impacted. No other vendors or products are listed.", "description_and_impact": "The SurveyJS WordPress plugin, up to version 2.5.2, lacks a nonce check on the 'SurveyJS_RenameSurvey' AJAX endpoint, creating a Cross\u2011Site Request Forgery flaw (CWE\u2011352). This missing verification allows an unauthenticated attacker to send a forged request that, when an administrator follows a crafted link, triggers the survey renaming operation. The primary consequence is the unauthorized alteration of survey data, potentially disrupting form workflows and misleading site visitors, but it does not provide code execution or broader system compromise.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a low\u2011to\u2011medium impact level, rather than moderate, as per the CVE data. The EPSS score of below 1% indicates a currently low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector is a typical CSRF scenario: the attacker convinces an authenticated admin to visit a crafted URL that submits the rename request. Because the action does not scan the request for a nonce, the server accepts it as legitimate, and the survey name is altered. Due to the necessity of an authenticated administrator and no additional privileges, the risk remains contained but still warrants attention."}}}}, "created": "2026-01-26T11:48:39.241368+00:00", "updated": "2026-04-22T00:00:03.947365+00:00", "vendors": ["devsoftbaltic", "devsoftbaltic$PRODUCT$surveyjs_drag_drop_wordpress_form_builder", "wordpress", "wordpress$PRODUCT$wordpress"]}