Cross-Site Scripting Issue...?

Open bbass444 opened this issue 2 months ago • 0 comments

My WordFence instance is warning about a vulnerability for Cross-Site Scripting affecting the current version:

"The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.12.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/surveyjs/surveyjs-11220-authenticated-contributor-stored-cross-site-scripting

Is this anything to worry about? Is there a remedy? Thanks!

Sep 15 '25 16:09 bbass444