CVE-2025-13205

Name of the Vulnerable Software and Affected Versions SurveyJS: Drag & Drop WordPress Form Builder versions prior to 1.12.21

Description The plugin is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the SurveyJS CloneSurvey AJAX action. An unauthenticated attacker can duplicate surveys by forging a request if they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update to version 1.12.21 or later.