Vulnerabilities > AYS PRO > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-7713 Cleartext Transmission of Sensitive Information vulnerability in Ays-Pro Chatgpt Assistant
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the OpenAI API key, allowing unauthenticated users to obtain it.
network
low complexity
ays-pro CWE-319
7.5
2024-09-27 CVE-2024-7714 Unspecified vulnerability in Ays-Pro Chatgpt Assistant
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls, allowing an unauthenticated user to disconnect the plugin from OpenAI and thereby disable it.
network
low complexity
ays-pro
7.5
2023-11-13 CVE-2023-34013 Unspecified vulnerability in Ays-Pro Poll Maker
Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.
network
low complexity
ays-pro
7.5
2023-10-03 CVE-2023-39917 Unspecified vulnerability in Ays-Pro Photo Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
network
low complexity
ays-pro
8.8
2023-01-20 CVE-2023-23490 SQL Injection vulnerability in Ays-Pro Survey Maker
The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.
network
low complexity
ays-pro CWE-89
8.8
2021-10-11 CVE-2021-24651 Unspecified vulnerability in Ays-Pro Poll Maker
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action.
network
low complexity
ays-pro
7.5
2021-08-02 CVE-2021-24456 SQL Injection vulnerability in Ays-Pro Quiz Maker
The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard.
network
low complexity
ays-pro CWE-89
7.2
2021-08-02 CVE-2021-24457 Unspecified vulnerability in Ays-Pro Portfolio Responsive Gallery
The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.
network
low complexity
ays-pro
8.8
2021-08-02 CVE-2021-24458 Unspecified vulnerability in Ays-Pro Popup BOX
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.
network
low complexity
ays-pro
8.8
2021-08-02 CVE-2021-24459 Unspecified vulnerability in Ays-Pro Survey Maker
The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard.
network
low complexity
ays-pro
8.8