PT-2025-49190 · WordPress · Surveyfunnel
Deadbee · Published 2025-12-05 · Updated 2025-12-05 · CVE-2025-13006
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SurveyFunnel – Survey Plugin for WordPress versions up to and including 1.1.5
Description
The SurveyFunnel – Survey Plugin for WordPress is susceptible to exposure of sensitive information. Unauthenticated attackers can extract sensitive data from survey responses through several unprotected REST API endpoints. Specifically, the /wp-json/surveyfunnel/v2/ endpoints are vulnerable.
Recommendations
Versions prior to 1.1.5 should be updated to a newer version.
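A detection check for the endpoints named in the description, as an added example that is not part of the advisory or the plugin's code: it scans web-server access logs for requests to the surveyfunnel/v2 REST namespace, in both the /wp-json/ and ?rest_route= forms, and totals the 2xx responses per client. The combined log format, the sample lines and the example-route placeholder are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

NAMESPACE = "/surveyfunnel/v2/"  # REST namespace named in the advisory

# Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def rest_route(target):
    """Return the normalised REST route if it is inside NAMESPACE, else None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:                      # pretty-permalink form
        route = path[path.index("/wp-json/") + len("/wp-json"):]
    else:                                        # ?rest_route= query form
        route = parse_qs(parts.query).get("rest_route", [""])[0]
    route = re.sub(r"/+", "/", route).lower()    # collapse slashes, ignore case
    return route if (route + "/").startswith(NAMESPACE) else None

def summarize(lines):
    """Per client IP: requests to the namespace, 2xx count and bytes returned."""
    stats = defaultdict(lambda: {"hits": 0, "ok": 0, "bytes": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or rest_route(m["target"]) is None:
            continue
        entry = stats[m["ip"]]
        entry["hits"] += 1
        if m["status"].startswith("2"):
            entry["ok"] += 1
            entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return dict(stats)

# Constructed sample lines; "example-route" is a placeholder, not a real endpoint.
SAMPLE = [
    '203.0.113.7 - - [05/Dec/2025:10:00:01 +0000] "GET /wp-json/surveyfunnel/v2/example-route HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [05/Dec/2025:10:00:02 +0000] "GET /?rest_route=%2Fsurveyfunnel%2Fv2%2Fexample-route HTTP/1.1" 200 2048 "-" "curl/8.5.0"',
    '203.0.113.7 - - [05/Dec/2025:10:00:03 +0000] "GET /wp-json//SurveyFunnel/v2 HTTP/1.1" 404 - "-" "curl/8.5.0"',
    '198.51.100.9 - - [05/Dec/2025:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s)
```

Access logs do not record whether a request carried a WordPress session, so the per-client totals are a starting point for review rather than proof of unauthenticated access.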
Fix
Information Disclosure
Affected Products
Surveyfunnel