Filtered by vendor Ays-pro
Subscriptions
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32342 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2026-03-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2. | ||||
| CVE-2026-31922 | 2 Ays-pro, Wordpress | 2 Fox Lms, Wordpress | 2026-03-16 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3. | ||||
| CVE-2026-32402 | 2 Ays-pro, Wordpress | 2 Image Slider, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1. | ||||
| CVE-2026-32332 | 2 Ays-pro, Wordpress | 2 Easy Form, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9. | ||||
| CVE-2026-32428 | 2 Ays-pro, Wordpress | 2 Popup Like Box, Wordpress | 2026-03-16 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7. | ||||
| CVE-2026-2367 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2026-02-26 | 6.4 Medium |
| The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ays_block' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-26370 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-02-23 | N/A |
| WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser. | ||||
| CVE-2026-2384 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2026-02-20 | 6.4 Medium |
| The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This vulnerability requires WPBakery Page Builder to be installed and active | ||||
| CVE-2026-25335 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2026-02-20 | 4.3 Medium |
| Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 5.0.0. | ||||
| CVE-2026-1320 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2026-02-13 | 7.2 High |
| The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-1165 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-02-03 | 4.3 Medium |
| The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This makes it possible for unauthenticated attackers to change the publish status of popups via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. | ||||
| CVE-2025-69021 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-01-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7. | ||||
| CVE-2025-67595 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82. | ||||
| CVE-2025-66529 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3. | ||||
| CVE-2025-66117 | 2 Ays-pro, Wordpress | 2 Easy Form, Wordpress | 2026-01-20 | 7.5 High |
| Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8. | ||||
| CVE-2025-64276 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-01-20 | 6.5 Medium |
| Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4. | ||||
| CVE-2025-62039 | 2 Ays-pro, Wordpress | 2 Ai Chatbot With Chatgpt, Wordpress | 2026-01-20 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6. | ||||
| CVE-2025-57931 | 3 Ays-pro, Ays Pro, Wordpress | 3 Popup Box, Popup Box, Wordpress | 2026-01-20 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through 5.5.4. | ||||
| CVE-2025-48098 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||
| CVE-2025-48095 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-01-20 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||