Ays Pro

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-35764 1Ays Pro 1Survey Maker Oct 10, 2025 Apr 3, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
CVE-2023-34423 1Ays Pro 1Survey Maker Oct 10, 2025 Apr 3, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website us...Show more Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege.Show less
CVE-2024-29918 1Ays Pro 1Survey Maker Apr 28, 2026 Mar 27, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This issue affects Survey Maker: from n/a through 4.0.6.
CVE-2024-27996 1Ays Pro 1Survey Maker Apr 28, 2026 Mar 19, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 4.0.5.
CVE-2023-6591 1Ays Pro 1Popup Box Nov 21, 2024 Feb 12, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is di...Show more The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedShow less
CVE-2023-47526 1Ays Pro 1Chartify Apr 28, 2026 Feb 12, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS.This issue affects Chartify – WordPress Chart P...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS.This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6.Show less
CVE-2024-1079 1Ays Pro 1Quiz Maker Apr 8, 2026 Feb 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible...Show more The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.Show less
CVE-2024-1078 1Ays Pro 1Quiz Maker Apr 8, 2026 Feb 7, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6....Show more The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.Show less
CVE-2024-22027 1Ays Pro 1Quiz Maker Jun 5, 2025 Jan 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.
CVE-2023-6166 1Ays Pro 1Quiz Maker Nov 21, 2024 Dec 26, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
CVE-2023-6155 1Ays Pro 1Quiz Maker Nov 21, 2024 Dec 26, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately lea...Show more The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.Show less
CVE-2023-5874 1Ays Pro 1Popup Box Nov 21, 2024 Dec 4, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_...Show more The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2023-5809 1Ays Pro 1Popup Box Nov 21, 2024 Dec 4, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_...Show more The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2023-5343 1Ays Pro 1Popup Box Nov 21, 2024 Nov 20, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is dis...Show more The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.Show less
CVE-2023-34013 1Ays Pro 1Poll Maker Apr 28, 2026 Nov 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.
CVE-2023-4390 1Ays Pro 1Popup Box Apr 23, 2025 Oct 31, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html ca...Show more The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).Show less
CVE-2023-39917 1Ays Pro 1Photo Gallery Nov 21, 2024 Oct 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
CVE-2023-41871 1Ays Pro 1Poll Maker Nov 21, 2024 Sep 25, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.
CVE-2023-32498 1Ays Pro 1Easy Form Nov 21, 2024 Aug 23, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.
CVE-2023-32107 1Ays Pro 1Photo Gallery Nov 21, 2024 Aug 18, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.

Previous 1 234 5 Next