Refine your search
2 vulnerabilities found for User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds by smub
CVE-2025-10694 (GCVE-0-2025-10694)
Vulnerability from nvd
Published
2025-10-25 05:31
Modified
2025-10-27 15:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds |
Version: * ≤ 1.8.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:57:28.708214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:57:39.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Ngoc Quang Bach"
}
],
"descriptions": [
{
"lang": "en",
"value": "The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T05:31:22.739Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9026b417-4b35-4bec-9dc6-6797661dc7a8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3378233/userfeedback-lite/trunk/includes/admin/class-userfeedback-onboarding-wizard.php?old=3354862\u0026old_path=userfeedback-lite%2Ftrunk%2Fincludes%2Fadmin%2Fclass-userfeedback-onboarding-wizard.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-11T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-09-18T15:57:46.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-24T17:09:00.000+00:00",
"value": "Disclosed"
}
],
"title": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds \u003c= 1.8.0 - Missing Authorization to Information Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10694",
"datePublished": "2025-10-25T05:31:22.739Z",
"dateReserved": "2025-09-18T15:41:28.436Z",
"dateUpdated": "2025-10-27T15:57:39.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10694 (GCVE-0-2025-10694)
Vulnerability from cvelistv5
Published
2025-10-25 05:31
Modified
2025-10-27 15:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds |
Version: * ≤ 1.8.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:57:28.708214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:57:39.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Ngoc Quang Bach"
}
],
"descriptions": [
{
"lang": "en",
"value": "The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T05:31:22.739Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9026b417-4b35-4bec-9dc6-6797661dc7a8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3378233/userfeedback-lite/trunk/includes/admin/class-userfeedback-onboarding-wizard.php?old=3354862\u0026old_path=userfeedback-lite%2Ftrunk%2Fincludes%2Fadmin%2Fclass-userfeedback-onboarding-wizard.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-11T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-09-18T15:57:46.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-24T17:09:00.000+00:00",
"value": "Disclosed"
}
],
"title": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds \u003c= 1.8.0 - Missing Authorization to Information Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10694",
"datePublished": "2025-10-25T05:31:22.739Z",
"dateReserved": "2025-09-18T15:41:28.436Z",
"dateUpdated": "2025-10-27T15:57:39.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}