{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35764", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2023-08-24T08:08:43.129Z", "datePublished": "2024-04-03T07:10:07.459Z", "dateUpdated": "2024-08-12T20:21:25.142Z"}, "containers": {"cna": {"affected": [{"vendor": "AYS Pro Plugins", "product": "Survey Maker", "versions": [{"version": "prior to 4.1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting."}], "problemTypes": [{"descriptions": [{"description": "Insufficient verification of data authenticity", "lang": "en", "type": "text"}]}], "references": [{"url": "https://wordpress.org/plugins/survey-maker/"}, {"url": "https://jvn.jp/en/jp/JVN51098626/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-04-03T07:10:07.459Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:44.898Z"}, "title": "CVE Program Container", "references": [{"url": "https://wordpress.org/plugins/survey-maker/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN51098626/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-345", "lang": "en", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "affected": [{"vendor": "ays-pro", "product": "survey_maker", "cpes": ["cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.1.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T20:18:24.312370Z", "id": "CVE-2023-35764", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T20:21:25.142Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wordpress.org/plugins/survey-maker/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN51098626/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:44.898Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-35764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-12T20:18:24.312370Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*"], "vendor": "ays-pro", "product": "survey_maker", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T20:19:23.313Z"}}], "cna": {"affected": [{"vendor": "AYS Pro Plugins", "product": "Survey Maker", "versions": [{"status": "affected", "version": "prior to 4.1.0"}]}], "references": [{"url": "https://wordpress.org/plugins/survey-maker/"}, {"url": "https://jvn.jp/en/jp/JVN51098626/"}], "descriptions": [{"lang": "en", "value": "Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Insufficient verification of data authenticity"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-04-03T07:10:07.459Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35764", "state": "PUBLISHED", "dateUpdated": "2024-08-12T20:21:25.142Z", "dateReserved": "2023-08-24T08:08:43.129Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-04-03T07:10:07.459Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5EEA6AD7-C5B4-4167-88AA-C22A086DEEBB", "versionEndExcluding": "3.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting."}, {"lang": "es", "value": "El problema de verificaci\u00f3n insuficiente de la autenticidad de los datos en Survey Maker antes de la versi\u00f3n 3.6.4 permite que un atacante remoto no autenticado falsifique una direcci\u00f3n IP al publicar."}], "id": "CVE-2023-35764", "lastModified": "2025-10-10T17:18:24.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-03T08:15:49.057", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN51098626/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://wordpress.org/plugins/survey-maker/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN51098626/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://wordpress.org/plugins/survey-maker/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}