← Back

Ays Pro

ays-pro

84 CVEs • 14 products

Products (14)

Click to collapse
Toggle
Poll Maker
poll_maker
20 CVEs
Quiz Maker
quiz_maker
17 CVEs
Survey Maker
survey_maker
16 CVEs
Popup Box
popup_box
10 CVEs
Photo Gallery
photo_gallery
6 CVEs
Secure Copy Content Protection And Content Locking
secure_copy_content_protection_and_content_locking
5 CVEs
Chartify
chartify
2 CVEs
Chatgpt Assistant
chatgpt_assistant
2 CVEs
Portfolio Responsive Gallery
portfolio_responsive_gallery
1 CVE
Faq Builder
faq_builder
1 CVE
Image Slider
image_slider
1 CVE
Popup Like Box
popup_like_box
1 CVE
Personal Dictionary
personal_dictionary
1 CVE
Easy Form
easy_form
1 CVE

CVEs (84)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-27414
1Ays Pro
1Popup Box
Nov 21, 2024
Jun 21, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
CVE-2023-2568
1Ays Pro
1Photo Gallery
Nov 21, 2024
Jun 12, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users s...Show more
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2023-2572
1Ays Pro
1Survey Maker
Jan 8, 2025
Jun 5, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...Show more
The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2023-2571
1Ays Pro
1Quiz Maker
Jan 8, 2025
Jun 5, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...Show more
The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2023-23490
1Ays Pro
1Survey Maker
Apr 3, 2025
Jan 20, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.
CVE-2023-0038
1Ays Pro
1Survey Maker
Apr 8, 2026
Jan 3, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and ou...Show more
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.Show less
CVE-2022-1456
1Ays Pro
1Poll Maker
Nov 21, 2024
May 30, 2022
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disa...Show more
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowedShow less
CVE-2022-1013
1Ays Pro
1Personal Dictionary
Nov 21, 2024
May 9, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerabili...Show more
The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.Show less
CVE-2022-0641
1Ays Pro
1Popup Like Box
Nov 21, 2024
Mar 28, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
CVE-2021-26256
1Ays Pro
1Survey Maker
Nov 21, 2024
Feb 21, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).
CVE-2021-24931
1Ays Pro
1Secure Copy Content Protection And Content Locking
Nov 21, 2024
Dec 6, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authentica...Show more
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.Show less
CVE-2021-24651
1Ays Pro
1Poll Maker
Nov 21, 2024
Oct 11, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing at...Show more
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash.Show less
CVE-2021-34635
1Ays Pro
1Poll Maker
Nov 21, 2024
Aug 2, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web...Show more
The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8.Show less
CVE-2021-24484
1Ays Pro
1Secure Copy Content Protection And Content Locking
Nov 21, 2024
Aug 2, 2021
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the g...Show more
The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboardShow less
CVE-2021-24483
1Ays Pro
1Poll Maker
Nov 21, 2024
Aug 2, 2021
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the g...Show more
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboardShow less
CVE-2021-24463
1Ays Pro
1Image Slider
Nov 21, 2024
Aug 2, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the...Show more
The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboardShow less
CVE-2021-24462
1Ays Pro
1Photo Gallery
Nov 21, 2024
Aug 2, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in S...Show more
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboardShow less
CVE-2021-24461
1Ays Pro
1Faq Builder
Nov 21, 2024
Aug 2, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL...Show more
The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboardShow less
CVE-2021-24460
1Ays Pro
1Popup Box
Nov 21, 2024
Aug 2, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB c...Show more
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboardShow less
CVE-2021-24459
1Ays Pro
1Survey Maker
Nov 21, 2024
Aug 2, 2021
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls...Show more
The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboardShow less