CVE-2025-10196

Name of the Vulnerable Software and Affected Versions Survey Anyplace plugin for WordPress versions prior to 1.0.1

Description The software contains a Stored Cross-Site Scripting issue stemming from insufficient input sanitization and output escaping on user-supplied attributes within the 'surveyanyplace embed' shortcode. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

Recommendations Update the Survey Anyplace plugin to version 1.0.1 or later.