CVE-2025-28878 MEDIUM

CVE-2025-28878: WordPress Awesome Surveys plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability

Vendor Will Brubaker

Product Awesome Surveys

Weakness CWE-79 · XSS

Published March 11, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys awesome-surveys allows Stored XSS.This issue affects Awesome Surveys: from n/a through <= 2.0.10.

Key dates

02Disclosure timeline

March 11, 2025 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-28878

Related vulnerabilities

04Related CVE

CVE-2023-43703 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) CVE-2023-40045 WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability CVE-2024-1257 Jspxcms find_text.do cross site scripting CVE-2022-2690 SourceCodester Wedding Hall Booking System Booking Form cross site scripting CVE-2025-6229 Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget`