Vulnerabilities > AYS PRO > Survey Maker

DATE CVE VULNERABILITY TITLE RISK
2023-06-05 CVE-2023-2572 Unspecified vulnerability in Ays-Pro Survey Maker
The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
ays-pro
6.1
2023-01-20 CVE-2023-23490 SQL Injection vulnerability in Ays-Pro Survey Maker
The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.
network
low complexity
ays-pro CWE-89
8.8
2023-01-03 CVE-2023-0038 Unspecified vulnerability in Ays-Pro Survey Maker
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping.
network
low complexity
ays-pro
6.1
2022-02-21 CVE-2021-26256 Cross-site Scripting vulnerability in Ays-Pro Survey Maker
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).
network
ays-pro CWE-79
4.3
2021-08-02 CVE-2021-24459 SQL Injection vulnerability in Ays-Pro Survey Maker
The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
network
low complexity
ays-pro CWE-89
6.5