Vulnerabilities > AYS PRO > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-27 | CVE-2024-7713 | Cleartext Transmission of Sensitive Information vulnerability in Ays-Pro Chatgpt Assistant: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the OpenAI API key, allowing unauthenticated users to obtain it. | 7.5 |
2024-09-27 | CVE-2024-7714 | Unspecified vulnerability in Ays-Pro Chatgpt Assistant: The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls, allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling it. | 7.5 |
2023-11-13 | CVE-2023-34013 | Server-Side Request Forgery (SSRF) vulnerability in Ays-Pro Poll Maker: Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2. | 7.5 |
2023-10-03 | CVE-2023-39917 | Cross-Site Request Forgery (CSRF) vulnerability in Ays-Pro Photo Gallery: Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin, versions <= 5.2.6. | 8.8 |
2023-01-20 | CVE-2023-23490 | SQL Injection vulnerability in Ays-Pro Survey Maker: The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. | 8.8 |
2022-05-09 | CVE-2022-1013 | SQL Injection vulnerability in Ays-Pro Personal Dictionary: The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user-supplied POST data before it is interpolated into an SQL statement and executed, leading to a blind SQL injection vulnerability. | 7.5 |
2021-12-06 | CVE-2021-24931 | SQL Injection vulnerability in Ays-Pro Secure Copy Content Protection and Content Locking: The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection. | 7.5 |
2021-10-11 | CVE-2021-24651 | Information Exposure Through Discrepancy vulnerability in Ays-Pro Poll Maker: The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. | 7.5 |
2021-08-02 | CVE-2021-24460 | SQL Injection vulnerability in Ays-Pro Popup BOX: The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard. | 8.8 |
2021-08-02 | CVE-2021-24462 | SQL Injection vulnerability in Ays-Pro Photo Gallery: The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use a whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard. | 8.8 |