CVE-2025-12891
📋 TL;DR
The Survey Maker WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to view all survey submissions. This affects all WordPress sites using Survey Maker plugin versions up to 5.1.9.4. The vulnerability exists in an AJAX endpoint that lacks proper capability checks.
💻 Affected Systems
- Survey Maker WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
All survey responses containing potentially sensitive user data are exposed to unauthorized parties, leading to data breach and privacy violations.
Likely Case
Unauthorized access to survey results containing personal information, preferences, or other sensitive data submitted by users.
If Mitigated
Limited exposure if surveys don't collect sensitive data, but still violates data privacy expectations.
🎯 Exploit Status
Simple HTTP request to vulnerable endpoint with no authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.9.5
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3394078/survey-maker/tags/5.1.9.5/admin/class-survey-maker-admin.php
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Survey Maker plugin
4. Click 'Update Now' if available
5. Or download version 5.1.9.5+ from WordPress repository
6. Deactivate old version and upload new version
7. Activate updated plugin
🔧 Temporary Workarounds
Disable vulnerable AJAX endpoint
allAdd capability check to block unauthorized access to the vulnerable endpoint
Add capability check in WordPress theme functions.php or custom plugin:
add_action('wp_ajax_ays_survey_show_results', 'secure_survey_endpoint', 1);
add_action('wp_ajax_nopriv_ays_survey_show_results', 'secure_survey_endpoint', 1);
function secure_survey_endpoint() {
if (!current_user_can('manage_options')) {
wp_die('Unauthorized access');
}
}
🧯 If You Can't Patch
- Deactivate Survey Maker plugin immediately
- Implement web application firewall rules to block requests to /wp-admin/admin-ajax.php with action=ays_survey_show_results
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Survey Maker version. If version is 5.1.9.4 or lower, system is vulnerable.Check Version:
wp plugin list --name=survey-maker --field=version (if WP-CLI installed)Verify Fix Applied:
After update, verify plugin version shows 5.1.9.5 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to /wp-admin/admin-ajax.php with action=ays_survey_show_results from unauthenticated users
- Unusual access patterns to survey results pages
Network Indicators:
- HTTP POST requests to WordPress AJAX endpoint with specific action parameter
- Traffic to survey results without authentication cookies
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data="action=ays_survey_show_results" AND NOT user_agent="WordPress/*"🔗 References
- https://plugins.trac.wordpress.org/changeset/3394078/survey-maker/tags/5.1.9.5/admin/class-survey-maker-admin.php?old=3389474&old_path=survey-maker%2Ftags%2F5.1.9.4%2Fadmin%2Fclass-survey-maker-admin.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/835353e7-871d-4daf-9ed4-86321daf2366?source=cve
