Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-26	CVE-2023-6166	Cross-site Scripting vulnerability in Ays-Pro Quiz Maker The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting network low complexity ays-pro CWE-79	6.1
2023-12-04	CVE-2023-5809	Cross-site Scripting vulnerability in Ays-Pro Popup BOX The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) network low complexity ays-pro CWE-79	4.8
2023-12-04	CVE-2023-5874	Cross-site Scripting vulnerability in Ays-Pro Popup BOX The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) network low complexity ays-pro CWE-79	4.8
2023-11-20	CVE-2023-5343	Cross-site Scripting vulnerability in Ays-Pro Popup BOX The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. network low complexity ays-pro CWE-79	4.8
2023-10-31	CVE-2023-4390	Cross-site Scripting vulnerability in Ays-Pro Popup BOX The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). network low complexity ays-pro CWE-79	4.8
2023-09-25	CVE-2023-41871	Cross-site Scripting vulnerability in Ays-Pro Poll Maker Unauth. network low complexity ays-pro CWE-79	6.1
2023-08-23	CVE-2023-32498	Cross-site Scripting vulnerability in Ays-Pro Easy Form Auth. network low complexity ays-pro CWE-79	4.8
2023-08-18	CVE-2023-32107	Cross-site Scripting vulnerability in Ays-Pro Photo Gallery Unauth. network low complexity ays-pro CWE-79	6.1
2023-06-21	CVE-2023-27414	Cross-site Scripting vulnerability in Ays-Pro Popup BOX Unauth. network low complexity ays-pro CWE-79	6.1
2023-06-12	CVE-2023-2568	Unspecified vulnerability in Ays-Pro Photo Gallery The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin network low complexity ays-pro	6.1