Filtered by vendor Ays-pro
Subscribe
Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15611 | 1 Ays-pro | 1 Popup Box | 2026-04-09 | N/A | 5.4 MEDIUM |
| The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend. | |||||
| CVE-2024-6028 | 1 Ays-pro | 1 Quiz Maker | 2026-04-08 | N/A | 9.8 CRITICAL |
| The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-3601 | 1 Ays-pro | 1 Poll Maker | 2026-04-08 | N/A | 5.3 MEDIUM |
| The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email addresses by enumerating them one character at a time. | |||||
| CVE-2024-3600 | 1 Ays-pro | 1 Poll Maker | 2026-04-08 | N/A | 7.2 HIGH |
| The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page. | |||||
| CVE-2024-10571 | 1 Ays-pro | 1 Chartify | 2026-04-08 | N/A | 9.8 CRITICAL |
| The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2023-0038 | 1 Ays-pro | 1 Survey Maker | 2026-04-08 | N/A | 7.2 HIGH |
| The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page. | |||||
| CVE-2024-1079 | 1 Ays-pro | 1 Quiz Maker | 2026-04-08 | N/A | 5.3 MEDIUM |
| The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. | |||||
| CVE-2024-1078 | 1 Ays-pro | 1 Quiz Maker | 2026-04-08 | N/A | 4.3 MEDIUM |
| The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes. | |||||
| CVE-2025-58015 | 1 Ays-pro | 1 Quiz Maker | 2026-04-01 | N/A | 7.5 HIGH |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker quiz-maker allows Retrieve Embedded Sensitive Data.This issue affects Quiz Maker: from n/a through <= 6.7.0.65. | |||||
| CVE-2025-58014 | 1 Ays-pro | 1 Quiz Maker | 2026-04-01 | N/A | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.64. | |||||
| CVE-2025-47545 | 1 Ays-pro | 1 Poll Maker | 2026-04-01 | N/A | 8.1 HIGH |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker poll-maker allows Leveraging Race Conditions.This issue affects Poll Maker: from n/a through <= 5.7.7. | |||||
| CVE-2025-32275 | 1 Ays-pro | 1 Survey Maker | 2026-04-01 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey Maker: from n/a through <= 5.1.6.3. | |||||
| CVE-2025-30774 | 1 Ays-pro | 1 Quiz Maker | 2026-04-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker quiz-maker allows SQL Injection.This issue affects Quiz Maker: from n/a through <= 6.6.8.7. | |||||
| CVE-2025-26971 | 1 Ays-pro | 1 Poll Maker | 2026-04-01 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection.This issue affects Poll Maker: from n/a through <= 5.6.5. | |||||
| CVE-2025-24577 | 1 Ays-pro | 1 Poll Maker | 2026-04-01 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.0. | |||||
| CVE-2025-22664 | 1 Ays-pro | 1 Survey Maker | 2026-04-01 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.3.5. | |||||
| CVE-2024-56295 | 1 Ays-pro | 1 Poll Maker | 2026-04-01 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.6. | |||||
| CVE-2024-56277 | 1 Ays-pro | 1 Poll Maker | 2026-04-01 | N/A | N/A |
| Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through < 5.5.5. | |||||
| CVE-2024-50426 | 1 Ays-pro | 1 Survey Maker | 2026-04-01 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.0.2. | |||||
| CVE-2025-67595 | 1 Ays-pro | 1 Quiz Maker | 2026-01-20 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82. | |||||