Description
Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through <= 5.1.6.3.
Published: 2025-04-10
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Ays Pro Survey Maker contains an authentication bypass vulnerability that allows an attacker to spoof identities by forging credentials. By exploiting this flaw, an adversary can impersonate legitimate users and gain unauthorized access to survey creation, editing, or configuration functions. The impact is the loss of confidentiality and integrity over survey data and the potential to manipulate results. The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing).

Affected Systems

WordPress installations that use the Ays Pro Survey Maker plugin, versions from the earliest available release up to and including 5.1.6.3.

Risk and Exploitability

The CVSS score of 4.3 places this issue in the moderate range, while the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not listed in CISA KEV, but the potential for identity spoofing suggests that any exposed instance should be treated with caution. The attack vector is likely remote, accessed through the web interface of the plugin; the description does not explicitly state the specific request type, so the exact exploitation pathway is inferred from typical authentication bypass patterns.

Generated by OpenCVE AI on April 30, 2026 at 23:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest update for the Survey Maker plugin that fixes the authentication bypass.
  • Restrict access to survey management pages so that only users with explicit administrative or survey‑creation roles can reach them.
  • Ensure that all user accounts interacting with the plugin have the minimum required permissions and that role‑based access controls are enforced.


Advisories
Source: EUVD
ID: EUVD-2025-10444
Title: Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4.

History

Wed, 29 Apr 2026 10:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4.
Values Added: Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey Maker: from n/a through <= 5.1.6.3.

Type: Title
Values Removed: WordPress Survey Maker plugin <= 5.1.5.4 - Bypass vulnerability
Values Added: WordPress Survey Maker plugin <= 5.1.6.3 - Bypass vulnerability

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Mon, 14 Apr 2025 13:00:00 +0000

Type: First Time appeared
Values Added: Ays-pro; Ays-pro survey Maker

Type: CPEs
Values Added: cpe:2.3:a:ays-pro:survey_maker:*:*:*:*:*:wordpress:*:*

Type: Vendors & Products
Values Added: Ays-pro; Ays-pro survey Maker

Thu, 10 Apr 2025 16:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 10 Apr 2025 08:15:00 +0000

Type: Description
Values Added: Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4.

Type: Title
Values Added: WordPress Survey Maker plugin <= 5.1.5.4 - Bypass vulnerability

Type: Weaknesses
Values Added: CWE-290

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:51:54.971Z

Reserved: 2025-04-04T10:02:30.559Z

Link: CVE-2025-32275

Vulnrichment

Updated: 2025-04-10T15:34:06.742Z

NVD

Status: Modified

Published: 2025-04-10T08:15:20.847

Modified: 2026-04-29T10:16:46.003

Link: CVE-2025-32275

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T23:30:03Z

Weaknesses