Vulnerabilities > AYS PRO

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2024-22027 Improper Input Validation vulnerability in Ays-Pro Quiz Maker
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.
network
low complexity
ays-pro CWE-20
6.5
2023-12-26 CVE-2023-6155 Improper Authentication vulnerability in Ays-Pro Quiz Maker
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
network
low complexity
ays-pro CWE-287
5.3
2023-12-26 CVE-2023-6166 Cross-site Scripting vulnerability in Ays-Pro Quiz Maker
The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
network
low complexity
ays-pro CWE-79
6.1
2023-12-04 CVE-2023-5809 Cross-site Scripting vulnerability in Ays-Pro Popup BOX
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
ays-pro CWE-79
4.8
2023-12-04 CVE-2023-5874 Cross-site Scripting vulnerability in Ays-Pro Popup BOX
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
ays-pro CWE-79
4.8
2023-11-20 CVE-2023-5343 Cross-site Scripting vulnerability in Ays-Pro Popup BOX
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
network
low complexity
ays-pro CWE-79
4.8
2023-11-13 CVE-2023-34013 Server-Side Request Forgery (SSRF) vulnerability in Ays-Pro Poll Maker
Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.
network
low complexity
ays-pro CWE-918
7.5
2023-10-31 CVE-2023-4390 Cross-site Scripting vulnerability in Ays-Pro Popup BOX
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
network
low complexity
ays-pro CWE-79
4.8
2023-10-03 CVE-2023-39917 Cross-Site Request Forgery (CSRF) vulnerability in Ays-Pro Photo Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
network
low complexity
ays-pro CWE-352
8.8
2023-09-25 CVE-2023-41871 Cross-site Scripting vulnerability in Ays-Pro Poll Maker
Unauth.
network
low complexity
ays-pro CWE-79
6.1