UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Security & Risk Analysis

wordpress.org/plugins/userfeedback-lite

Ultimate user feedback plugin to ask questions, surveys, polls, from your website in seconds

200K active installs · v1.11.1 · PHP 5.6+ · WP 5.9.0+ · Updated Mar 11, 2026
Tags: analytics, feedback, surveys, user-feedback, website-feedback
Score: 88 · A · Safe
CVEs total: 7
Unpatched: 0
Last CVE: Dec 22, 2025

Safety Verdict

Is UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Safe to Use in 2026?

Generally Safe

Score 88/100

UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Dec 22, 2025 · Updated 22d ago

Risk Assessment

The userfeedback-lite plugin version 1.11.1 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared statements for SQL queries and properly escaped output, the presence of unprotected entry points in both AJAX handlers and REST API routes is a significant concern. The static analysis reveals 5 unprotected entry points out of a total of 48, which could be exploited by unauthenticated users. The vulnerability history, with 7 known CVEs including high-severity SQL Injection, Cross-site Scripting, and Missing Authorization, further raises red flags. Although there are currently no unpatched CVEs, the recurring nature of these critical vulnerability types suggests a historical pattern of insecure coding practices that require careful attention. Despite the positive aspects of code sanitization and prepared statements, the unprotected entry points and the past vulnerability record necessitate caution.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High number of known CVEs
  • Previous high-severity SQL Injection vulnerabilities
  • Previous high-severity XSS vulnerabilities
  • Previous high-severity Missing Authorization vulnerabilities

Vulnerabilities: 7

UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Security Vulnerabilities

CVEs by Year

2023: 3 CVEs
2024: 2 CVEs
2025: 2 CVEs

Severity Breakdown

High: 3
Medium: 4

7 total CVEs

CVE-2025-68496 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
User Feedback <= 1.10.0 - Authenticated (Editor+) SQL Injection
Dec 22, 2025 · Patched in 1.10.1 (15d)

CVE-2025-10694 · medium · 5.3 · Missing Authorization
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Information Disclosure
Oct 24, 2025 · Patched in 1.9.0 (1d)

CVE-2024-5902 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter
Jul 12, 2024 · Patched in 1.0.16 (1d)

CVE-2024-0903 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 - Unauthenticated Stored Cross-Site Scripting
Feb 21, 2024 · Patched in 1.0.14 (1d)

CVE-2023-50887 · medium · 5.3 · Missing Authorization
User Feedback <= 1.0.10 - Missing Authorization
Dec 26, 2023 · Patched in 1.0.11 (28d)

CVE-2023-46153 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
User Feedback <= 1.0.9 - Unauthenticated Cross-Site Scripting
Oct 17, 2023 · Patched in 1.0.10 (98d)

CVE-2023-39308 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
User Feedback <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting
Sep 4, 2023 · Patched in 1.0.8 (141d)

Code Analysis
Analyzed Mar 16, 2026

UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (31 prepared)
Unescaped Output: 48 (243 escaped)
Nonce Checks: 20
Capability Checks: 25
File Operations: 3
External Requests: 7
Bundled Libraries: 0

SQL Query Safety

84% prepared · 37 total queries

Output Escaping

84% escaped · 291 total outputs

Data Flows
All sanitized

Data Flow Analysis

3 flows
userfeedback_ajax_vue_remove_notice (includes\admin\ajax.php:53)
Attack Surface
5 unprotected

UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Attack Surface

Entry Points: 48
Unprotected: 5

AJAX Handlers 20

auth wp_ajax_userfeedback_deactivate_addon includes\admin\addons.php:196
auth wp_ajax_userfeedback_install_addon includes\admin\addons.php:274
auth wp_ajax_userfeedback_activate_addon includes\admin\addons.php:366
auth wp_ajax_userfeedback_get_addons includes\admin\addons.php:387
auth wp_ajax_userfeedback_ajax_dismiss_notice includes\admin\ajax.php:51
auth wp_ajax_userfeedback_ajax_vue_remove_notice includes\admin\ajax.php:73
auth wp_ajax_userfeedback_ajax_vue_remove_wp_notice includes\admin\ajax.php:97
auth wp_ajax_userfeedback_vue_onboarding_complete includes\admin\ajax.php:117
auth wp_ajax_userfeedback_vue_onboarding_drip_opt_in includes\admin\ajax.php:156
auth wp_ajax_userfeedback_vue_onboarding_step includes\admin\ajax.php:174
auth wp_ajax_userfeedback_validate_settings_blurb includes\admin\ajax.php:187
auth wp_ajax_userfeedback_dismiss_settings_blurb includes\admin\ajax.php:199
auth wp_ajax_userfeedback_review_dismiss includes\admin\class-userfeedback-review.php:25
auth wp_ajax_userfeedback_install_plugin includes\admin\plugins.php:114
auth wp_ajax_userfeedback_activate_plugin includes\admin\plugins.php:142
auth wp_ajax_userfeedback_get_plugins includes\admin\plugins.php:459
auth wp_ajax_userfeedback_send_test_summary_email includes\emails\class-userfeedback-email-summaries.php:77
auth wp_ajax_userfeedback_hide_admin_menu_tooltip includes\helpers.php:927
auth wp_ajax_userfeedback_connect_url lite\includes\admin\class-userfeedback-connect.php:11
nopriv wp_ajax_userfeedback_connect_process lite\includes\admin\class-userfeedback-connect.php:12

REST API Routes 28

GET /wp-json/userfeedback/v1/ai-summary/(?P<id>\w+)/ includes\admin\class-userfeedback-ai-survey-summary.php:36
GET /wp-json/userfeedback/v1/preload-ai-summary/(?P<id>\w+)/ includes\admin\class-userfeedback-ai-survey-summary.php:46
GET /wp-json/userfeedback/v1/logic-type includes\admin\class-userfeedback-logic-type.php:32
GET /wp-json/userfeedback/v1/notifications includes\admin\class-userfeedback-notifications.php:57
POST /wp-json/userfeedback/v1/notifications/(?P<id>\w+)/dismiss includes\admin\class-userfeedback-notifications.php:67
POST /wp-json/userfeedback/v1/notifications/action includes\admin\class-userfeedback-notifications.php:77
GET /wp-json/userfeedback/v1/results-summary includes\admin\class-userfeedback-results.php:31
GET /wp-json/userfeedback/v1/surveys/(?P<id>\w+)/results includes\admin\class-userfeedback-results.php:51
GET /wp-json/userfeedback/v1/surveys/(?P<id>\w+)/responses includes\admin\class-userfeedback-results.php:61
POST /wp-json/userfeedback/v1/surveys/(?P<id>\w+)/responses/trash includes\admin\class-userfeedback-results.php:85
POST /wp-json/userfeedback/v1/surveys/(?P<id>\w+)/responses/restore includes\admin\class-userfeedback-results.php:106
DELETE /wp-json/userfeedback/v1/surveys/(?P<id>\w+)/responses includes\admin\class-userfeedback-results.php:127
GET /wp-json/userfeedback/v1/search includes\admin\class-userfeedback-search.php:29
GET /wp-json/userfeedback/v1/settings includes\admin\class-userfeedback-settings.php:29
POST /wp-json/userfeedback/v1/settings includes\admin\class-userfeedback-settings.php:39
GET /wp-json/userfeedback/v1/addons includes\admin\class-userfeedback-settings.php:49
GET /wp-json/userfeedback/v1/surveys includes\admin\class-userfeedback-surveys.php:31
GET /wp-json/userfeedback/v1/surveys/(?P<id>\w+) includes\admin\class-userfeedback-surveys.php:67
POST /wp-json/userfeedback/v1/surveys includes\admin\class-userfeedback-surveys.php:77
POST /wp-json/userfeedback/v1/surveys/restore includes\admin\class-userfeedback-surveys.php:87
POST /wp-json/userfeedback/v1/surveys/draft includes\admin\class-userfeedback-surveys.php:97
POST /wp-json/userfeedback/v1/surveys/trash includes\admin\class-userfeedback-surveys.php:107
POST /wp-json/userfeedback/v1/surveys/publish includes\admin\class-userfeedback-surveys.php:117
DELETE /wp-json/userfeedback/v1/surveys includes\admin\class-userfeedback-surveys.php:127
POST /wp-json/userfeedback/v1/surveys/(?P<id>\w+)/duplicate includes\admin\class-userfeedback-surveys.php:137
GET /wp-json/userfeedback/v1/survey-templates includes\admin\class-userfeedback-surveys.php:147
POST /wp-json/userfeedback/v1/surveys/(?P<id>\w+)/responses includes\frontend\class-userfeedback-frontend.php:57
POST /wp-json/userfeedback/v1/surveys/(?P<id>\w+)/impression includes\frontend\class-userfeedback-frontend.php:67

WordPress Hooks 85

action admin_menu includes\admin\admin.php:225
action admin_bar_menu includes\admin\admin.php:226
action admin_head includes\admin\admin.php:314
filter admin_body_class includes\admin\admin.php:364
action current_screen includes\admin\admin.php:385
action rest_api_init includes\admin\class-userfeedback-ai-survey-summary.php:27
action admin_print_scripts includes\admin\class-userfeedback-am-deactivation-survey.php:76
action admin_print_scripts includes\admin\class-userfeedback-am-deactivation-survey.php:77
action admin_footer includes\admin\class-userfeedback-am-deactivation-survey.php:78
action wp_dashboard_setup includes\admin\class-userfeedback-dashboard-widget.php:21
action rest_api_init includes\admin\class-userfeedback-logic-type.php:22
action init includes\admin\class-userfeedback-metabox.php:12
action load-post.php includes\admin\class-userfeedback-metabox.php:18
action load-post-new.php includes\admin\class-userfeedback-metabox.php:19
action save_post includes\admin\class-userfeedback-metabox.php:20
action admin_enqueue_scripts includes\admin\class-userfeedback-metabox.php:56
action add_meta_boxes includes\admin\class-userfeedback-metabox.php:60
action userfeedback_run_notifications includes\admin\class-userfeedback-notifications-runner.php:56
action rest_api_init includes\admin\class-userfeedback-notifications.php:47
action userfeedback_admin_notifications_update includes\admin\class-userfeedback-notifications.php:48
action admin_init includes\admin\class-userfeedback-onboarding-wizard.php:20
action admin_menu includes\admin\class-userfeedback-onboarding-wizard.php:21
action network_admin_menu includes\admin\class-userfeedback-onboarding-wizard.php:22
action admin_head includes\admin\class-userfeedback-onboarding-wizard.php:159
action rest_api_init includes\admin\class-userfeedback-results.php:22
action admin_notices includes\admin\class-userfeedback-review.php:24
action rest_api_init includes\admin\class-userfeedback-search.php:20
action rest_api_init includes\admin\class-userfeedback-settings.php:20
action rest_api_init includes\admin\class-userfeedback-surveys.php:20
action in_admin_footer includes\admin\class-userfeedback-surveys.php:21
action init includes\admin\class-userfeedback-tracking.php:30
action userfeedback_settings_save_general_end includes\admin\class-userfeedback-tracking.php:31
action admin_head includes\admin\class-userfeedback-tracking.php:32
action admin_head includes\admin\class-userfeedback-tracking.php:33
filter cron_schedules includes\admin\class-userfeedback-tracking.php:34
action userfeedback_usage_tracking_cron includes\admin\class-userfeedback-tracking.php:35
action admin_enqueue_scripts includes\admin\common.php:246
action admin_enqueue_scripts includes\admin\common.php:481
action admin_head includes\admin\common.php:482
action admin_init includes\admin\common.php:562
filter plugin_auto_update_setting_html includes\admin\licensing\autoupdate.php:76
filter auto_update_plugin includes\admin\licensing\autoupdate.php:177
filter map_meta_cap includes\class-userfeedback-capabilities.php:34
filter userfeedback_compatible_php_version includes\class-userfeedback-compatibility-check.php:70
filter userfeedback_compatible_wp_version includes\class-userfeedback-compatibility-check.php:71
action admin_notices includes\class-userfeedback-compatibility-check.php:228
action admin_notices includes\class-userfeedback-compatibility-check.php:232
action userfeedback_survey_response includes\emails\class-userfeedback-email-response-notification.php:368
action admin_enqueue_scripts includes\emails\class-userfeedback-email-summaries.php:69
action init includes\emails\class-userfeedback-email-summaries.php:72
filter userfeedback_email_template_paths includes\emails\class-userfeedback-email-summaries.php:73
filter userfeedback_emails_templates_set_initial_args includes\emails\class-userfeedback-email-summaries.php:74
filter cron_schedules includes\emails\class-userfeedback-email-summaries.php:75
action userfeedback_email_summaries_cron includes\emails\class-userfeedback-email-summaries.php:76
action userfeedback_email_send_before includes\emails\class-userfeedback-wp-emails.php:110
action userfeedback_email_send_after includes\emails\class-userfeedback-wp-emails.php:111
filter wp_mail_from includes\emails\class-userfeedback-wp-emails.php:429
filter wp_mail_from_name includes\emails\class-userfeedback-wp-emails.php:430
filter wp_mail_content_type includes\emails\class-userfeedback-wp-emails.php:431
action template_redirect includes\frontend\class-userfeedback-frontend.php:28
action rest_api_init includes\frontend\class-userfeedback-frontend.php:29
filter userfeedback_detect_page_id includes\frontend\class-userfeedback-frontend.php:30
action wp_head includes\frontend\class-userfeedback-frontend.php:837
filter script_loader_tag includes\frontend\class-userfeedback-frontend.php:894
filter script_loader_tag includes\frontend\class-userfeedback-frontend.php:928
action wp_footer includes\frontend\class-userfeedback-frontend.php:1086
action enqueue_block_editor_assets includes\gutenberg\gutenberg.php:15
action init includes\gutenberg\metabox.php:17
action save_post includes\gutenberg\metabox.php:18
filter userfeedback_email_message includes\helpers.php:466
action adminmenu includes\helpers.php:916
filter userfeedback_admin_script_localization includes\integrations\class-userfeedback-plugin-integration.php:50
filter userfeedback_frontend_script_localization includes\integrations\class-userfeedback-plugin-integration.php:54
action wp_loaded userfeedback-base.php:177
action plugins_loaded userfeedback-base.php:182
action init userfeedback-base.php:186
action admin_menu userfeedback-base.php:404
action admin_init userfeedback-base.php:646
action plugins_loaded userfeedback-base.php:655
action plugins_loaded userfeedback-base.php:690
filter userfeedback_vue_notices userfeedback.php:57
filter userfeedback_vue_wp_notices userfeedback.php:58
action wp_logout userfeedback.php:59
filter admin_footer_text userfeedback.php:62
action admin_notices userfeedback.php:203

Scheduled Events 3

userfeedback_admin_notifications_update
userfeedback_usage_tracking_cron
userfeedback_email_summaries_cron
Maintenance & Trust

UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 11, 2026
PHP min version: 5.6
Downloads: 4.1M

Community Trust

Rating: 96/100
Number of ratings: 294
Active installs: 200K

Developer Profile

UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 795 days
Detection Fingerprints

How We Detect UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/userfeedback-lite/build/userfeedback-lite.min.css
/wp-content/plugins/userfeedback-lite/build/userfeedback-lite.min.js
Script Paths
/wp-content/plugins/userfeedback-lite/build/userfeedback-lite.min.js
Version Parameters
userfeedback-lite/build/userfeedback-lite.min.css?ver=
userfeedback-lite/build/userfeedback-lite.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
user-feedback-button
Data Attributes
data-userfeedback-lite-nonce
JS Globals
UserFeedbackLiteConfig
FAQ

Frequently Asked Questions about UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds