CVE-2025-12892
📋 TL;DR
The Survey Maker WordPress plugin allows unauthenticated attackers to modify the ays_survey_maker_upgrade_plugin option due to missing capability checks. This vulnerability affects all WordPress sites running Survey Maker versions up to 5.1.9.4, potentially enabling attackers to disrupt plugin functionality or prepare for further attacks.
💻 Affected Systems
- Survey Maker WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could disable or corrupt the plugin, potentially disrupting survey functionality and enabling follow-on attacks through plugin manipulation.
Likely Case
Attackers modify plugin settings to disrupt survey functionality or prepare for future exploitation through stored malicious values.
If Mitigated
Minimal impact with proper network segmentation and monitoring, though plugin functionality could still be disrupted.
🎯 Exploit Status
Simple HTTP request to vulnerable endpoint with no authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.9.5
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3394078/survey-maker/tags/5.1.9.5/admin/class-survey-maker-admin.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Survey Maker and click 'Update Now'.
4. Verify that the installed version is 5.1.9.5 or higher.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the Survey Maker plugin until patched.
wp plugin deactivate survey-maker
Web Application Firewall Rule
Block requests to the vulnerable deactivate_plugin_option() function endpoint.
Add a WAF rule that blocks POST requests containing 'deactivate_plugin_option' in the URL or request parameters.
🧯 If You Can't Patch
- Disable the Survey Maker plugin immediately
- Implement strict network access controls to limit exposure to the WordPress admin interface
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Survey Maker version. If the version is 5.1.9.4 or lower, the site is vulnerable.
Check Version:
wp plugin get survey-maker --field=version
Verify Fix Applied:
Verify Survey Maker plugin version is 5.1.9.5 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=deactivate_plugin_option
- Unusual modifications to wp_options table with option_name like 'ays_survey_maker%'
Network Indicators:
- HTTP POST requests to WordPress admin-ajax.php endpoint with suspicious parameters
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND (params.action="deactivate_plugin_option" OR params LIKE "%ays_survey_maker%")
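The log indicators and SIEM query above, turned into a small detector over constructed access-log lines. This is an added example, not part of the advisory or the plugin: it assumes a combined log format with the POST body appended as a final quoted field (as a WAF or audit log would record it), and flags POST requests to admin-ajax.php whose action is deactivate_plugin_option or whose parameters mention ays_survey_maker.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample log lines (not from the advisory). Combined log format plus
# one extra quoted field holding the POST body, or "-" when there is none.
SAMPLE_LOGS = [
    '203.0.113.5 - - [10/Nov/2025:10:01:22 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 43 "-" "Mozilla/5.0" "action=deactivate_plugin_option&option=ays_survey_maker_upgrade_plugin"',
    '203.0.113.5 - - [10/Nov/2025:10:01:25 +0000] "POST /wp-admin/admin-ajax.php?action=deactivate_plugin_option HTTP/1.1" 200 43 "-" "curl/8.0" "-"',
    '198.51.100.7 - - [10/Nov/2025:10:02:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 120 "-" "Mozilla/5.0" "action=heartbeat&_nonce=abc"',
    '198.51.100.7 - - [10/Nov/2025:10:02:05 +0000] "GET /wp-admin/admin-ajax.php?action=deactivate_plugin_option HTTP/1.1" 400 0 "-" "Mozilla/5.0" "-"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"(?: "(?P<body>[^"]*)")?$'
)

AJAX_PATH = "/wp-admin/admin-ajax.php"
SUSPECT_ACTION = "deactivate_plugin_option"   # AJAX action named in the advisory
SUSPECT_PREFIX = "ays_survey_maker"           # option-name prefix from the log indicators

def parse_line(line):
    """Parse one log line; merge query-string and body parameters into one dict."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlparse(rec["target"])
    params = parse_qs(url.query)
    body = rec.get("body")
    if body and body != "-":
        for key, vals in parse_qs(body).items():
            params.setdefault(key, []).extend(vals)
    rec["path"] = url.path
    rec["params"] = params
    return rec

def is_suspicious(rec):
    """Mirror the SIEM query: POST to admin-ajax.php with the suspect action or option name."""
    if rec is None or rec["method"] != "POST" or rec["path"] != AJAX_PATH:
        return False
    if SUSPECT_ACTION in rec["params"].get("action", []):
        return True
    return any(SUSPECT_PREFIX in k or any(SUSPECT_PREFIX in v for v in vals)
               for k, vals in rec["params"].items())

def find_suspicious(lines):
    """Return (ip, timestamp, action) for every line that matches the indicators."""
    hits = []
    for rec in map(parse_line, lines):
        if is_suspicious(rec):
            hits.append((rec["ip"], rec["ts"], rec["params"].get("action", [""])[0]))
    return hits
```

The fourth sample line is a GET and is deliberately not flagged, matching the advisory's POST-only query; widen the method check if your environment needs it.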
🔗 References
- https://plugins.trac.wordpress.org/changeset/3394078/survey-maker/tags/5.1.9.5/admin/class-survey-maker-admin.php?old=3389474&old_path=survey-maker%2Ftags%2F5.1.9.4%2Fadmin%2Fclass-survey-maker-admin.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6abc7605-2daa-44a9-8f2f-cbaacbea9348?source=cve