ReportizFlow
Filtered by vendor Ays-pro
Subscriptions
Total
126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57931 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-04-23 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 5.5.4. | ||||
| CVE-2025-54673 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.5.3. | ||||
| CVE-2025-47545 | 1 Ays-pro | 1 Poll Maker | 2026-04-23 | 5.3 Medium |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions.This issue affects Poll Maker: from n/a through <= 5.7.7. | ||||
| CVE-2025-30905 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.4.3. | ||||
| CVE-2025-30904 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Stored XSS.This issue affects Chartify: from n/a through <= 3.1.7. | ||||
| CVE-2025-30774 | 1 Ays-pro | 1 Quiz Maker | 2026-04-23 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker quiz-maker allows SQL Injection.This issue affects Quiz Maker: from n/a through <= 6.6.8.7. | ||||
| CVE-2025-26971 | 1 Ays-pro | 1 Poll Maker | 2026-04-23 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection.This issue affects Poll Maker: from n/a through <= 5.6.5. | ||||
| CVE-2025-24577 | 1 Ays-pro | 1 Poll Maker | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0. | ||||
| CVE-2025-22664 | 1 Ays-pro | 1 Survey Maker | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.3.5. | ||||
| CVE-2024-56295 | 1 Ays-pro | 1 Poll Maker | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.6. | ||||
| CVE-2024-50426 | 1 Ays-pro | 1 Survey Maker | 2026-04-23 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.0.2. | ||||
| CVE-2023-50904 | 2 Ays-pro, Poll Maker Team | 2 Poll Maker, Poll Maker | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.8.0. | ||||
| CVE-2023-45766 | 1 Ays-pro | 1 Poll Maker | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1. | ||||
| CVE-2026-32342 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2. | ||||
| CVE-2026-31922 | 2 Ays-pro, Wordpress | 2 Fox Lms, Wordpress | 2026-04-23 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3. | ||||
| CVE-2026-32402 | 2 Ays-pro, Wordpress | 2 Image Slider, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1. | ||||
| CVE-2026-32428 | 2 Ays-pro, Wordpress | 2 Popup Like Box, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7. | ||||
| CVE-2025-13378 | 2 Ays-pro, Wordpress | 2 Ai Chatbot With Chatgpt, Wordpress | 2026-04-22 | 6.5 Medium |
| The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ays_chatgpt_pinecone_upsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-10042 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2026-04-22 | 5.9 Medium |
| The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable in configurations where the server is set up to retrieve the IP from a user-supplied field like `X-Forwarded-For` and limit users by IP is enabled. | ||||
| CVE-2025-12892 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-04-22 | 5.3 Medium |
| The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to update the ays_survey_maker_upgrade_plugin option. | ||||