What is CVE-2025-13205 — CSRF in SurveyJS Drag & Drop Form Builder?

CVE-2025-13205 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 1.0.0–2.5.2 of the SurveyJS Drag & Drop Form Builder WordPress plugin, allowing unauthorized survey duplication.

Am I affected by CVE-2025-13205 in SurveyJS Drag & Drop Form Builder?

If you are using SurveyJS Drag & Drop Form Builder version 1.0.0 through 2.5.2 on your WordPress site, you are potentially affected by this vulnerability.

How do I fix CVE-2025-13205 in SurveyJS Drag & Drop Form Builder?

Upgrade the SurveyJS Drag & Drop Form Builder plugin to version 2.5.3 or later to resolve the vulnerability. Implement WAF rules as a temporary mitigation.

Is CVE-2025-13205 being actively exploited?

While no active exploitation has been confirmed, the vulnerability is relatively easy to exploit, so potential for exploitation exists.

Where can I find the official SurveyJS advisory for CVE-2025-13205?

Refer to the official SurveyJS security advisory for detailed information and updates: [https://surveyjs.io/security/CVE-2025-13205](https://surveyjs.io/security/CVE-2025-13205)

CVE-2025-13205 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-13205 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• wordpress / composer / npm:

grep -r 'SurveyJS_CloneSurvey' /var/www/html/wp-content/plugins/survey-js-drag-and-drop-form-builder/

• generic web:

curl -I https://example.com/wp-admin/admin-ajax.php?action=SurveyJS_CloneSurvey  # Check for lack of CSRF token

SurveyJS: Drag & Drop WordPress Form Builder para criar, estilizar e incorporar múltiplas formas de qualquer complexidade <= 2.5.2 - Cross-Site Request Forgery para Clonagem de Survey

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigir

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-13205 — CSRF in SurveyJS Drag & Drop Form Builder?

Am I affected by CVE-2025-13205 in SurveyJS Drag & Drop Form Builder?

How do I fix CVE-2025-13205 in SurveyJS Drag & Drop Form Builder?

Is CVE-2025-13205 being actively exploited?

Where can I find the official SurveyJS advisory for CVE-2025-13205?

Informações do pacote

Seu projeto está afetado?

Detecte esta CVE no seu projeto