Filtered by vendor Ays-pro
Subscriptions
Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69021 | 2 Ays-pro, Wordpress | 2 Popup Box, Wordpress | 2026-01-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7. | ||||
| CVE-2025-67595 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2026-01-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82. | ||||
| CVE-2025-66529 | 2 Ays-pro, Wordpress | 2 Chartify, Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3. | ||||
| CVE-2025-66117 | 2 Ays-pro, Wordpress | 2 Easy Form, Wordpress | 2026-01-20 | 7.5 High |
| Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8. | ||||
| CVE-2025-64276 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-01-20 | 6.5 Medium |
| Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4. | ||||
| CVE-2025-62039 | 2 Ays-pro, Wordpress | 2 Ai Chatbot With Chatgpt, Wordpress | 2026-01-20 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Retrieve Embedded Sensitive Data.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.6.6. | ||||
| CVE-2025-57931 | 3 Ays-pro, Ays Pro, Wordpress | 3 Popup Box, Popup Box, Wordpress | 2026-01-20 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through 5.5.4. | ||||
| CVE-2025-48098 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||
| CVE-2025-48095 | 2 Ays-pro, Wordpress | 2 Survey Maker, Wordpress | 2026-01-20 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8. | ||||
| CVE-2023-23985 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-31 | 3.7 Low |
| Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. | ||||
| CVE-2025-30774 | 1 Ays-pro | 1 Quiz Maker | 2025-12-31 | 8.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7. | ||||
| CVE-2025-10042 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-19 | 5.9 Medium |
| The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable in configurations where the server is set up to retrieve the IP from a user-supplied field like `X-Forwarded-For` and limit users by IP is enabled. | ||||
| CVE-2024-6028 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-15 | 9.8 Critical |
| The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-14156 | 2 Ays-pro, Wordpress | 2 Fox Lms, Wordpress | 2025-12-15 | 9.8 Critical |
| The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the `/fox-lms/v1/payments/create-order` REST API endpoint. This makes it possible for unauthenticated attackers to create new user accounts with arbitrary roles, including administrator, leading to complete site compromise. | ||||
| CVE-2025-14454 | 2 Ays-pro, Wordpress | 2 Image Slider, Wordpress | 2025-12-15 | 4.3 Medium |
| The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is due to missing or incorrect nonce validation on the bulk delete functionality. This makes it possible for unauthenticated attackers to delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-14442 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2025-12-14 | 5.3 Medium |
| The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to access sensitive user data including emails, IP addresses, usernames, roles, and location data by directly accessing the exported CSV file. | ||||
| CVE-2025-14159 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2025-12-14 | 4.3 Medium |
| The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ays_sccp_results_export_file' AJAX action. This makes it possible for unauthenticated attackers to export sensitive plugin data including email addresses, IP addresses, physical addresses, user IDs, and other user information via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The exported data is stored in a publicly accessible file, allowing attackers to receive the sensitive information even though they are not authenticated. | ||||
| CVE-2025-58014 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker allows Cross Site Request Forgery. This issue affects Quiz Maker: from n/a through 6.7.0.61. | ||||
| CVE-2025-58015 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-12 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61. | ||||
| CVE-2025-12426 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-12 | 5.3 Medium |
| The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authorization checks. The endpoint only validates a nonce, but that same nonce is publicly available to all site visitors via the quiz_maker_ajax_public localized script data. This makes it possible for unauthenticated attackers to extract sensitive data including quiz answers for any quiz question. | ||||