Filtered by vendor Ays-pro
Subscribe
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47526 | 1 Ays-pro | 1 Chartify | 2024-02-16 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS.This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6. | |||||
| CVE-2024-1079 | 1 Ays-pro | 1 Quiz Maker | 2024-02-14 | N/A | 5.3 MEDIUM |
| The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. | |||||
| CVE-2024-1078 | 1 Ays-pro | 1 Quiz Maker | 2024-02-14 | N/A | 4.3 MEDIUM |
| The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes. | |||||
| CVE-2024-22027 | 1 Ays-pro | 1 Quiz Maker | 2024-01-18 | N/A | 6.5 MEDIUM |
| Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. | |||||
| CVE-2023-6166 | 1 Ays-pro | 1 Quiz Maker | 2024-01-02 | N/A | 6.1 MEDIUM |
| The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | |||||
| CVE-2023-6155 | 1 Ays-pro | 1 Quiz Maker | 2024-01-02 | N/A | 5.3 MEDIUM |
| The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses. | |||||
| CVE-2023-34013 | 1 Ays-pro | 1 Poll Maker | 2023-12-10 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2. | |||||
| CVE-2023-5343 | 1 Ays-pro | 1 Popup Box | 2023-12-10 | N/A | 4.8 MEDIUM |
| The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2023-5874 | 1 Ays-pro | 1 Popup Box | 2023-12-10 | N/A | 4.8 MEDIUM |
| The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-5809 | 1 Ays-pro | 1 Popup Box | 2023-12-10 | N/A | 4.8 MEDIUM |
| The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-4390 | 1 Ays-pro | 1 Popup Box | 2023-12-10 | N/A | 4.8 MEDIUM |
| The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||||
| CVE-2023-39917 | 1 Ays-pro | 1 Photo Gallery | 2023-12-10 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions. | |||||
| CVE-2023-32498 | 1 Ays-pro | 1 Easy Form | 2023-12-10 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions. | |||||
| CVE-2023-32107 | 1 Ays-pro | 1 Photo Gallery | 2023-12-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions. | |||||
| CVE-2023-41871 | 1 Ays-pro | 1 Poll Maker | 2023-12-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. | |||||
| CVE-2023-2571 | 1 Ays-pro | 1 Quiz Maker | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-2572 | 1 Ays-pro | 1 Survey Maker | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-27414 | 1 Ays-pro | 1 Popup Box | 2023-12-10 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions. | |||||
| CVE-2023-2568 | 1 Ays-pro | 1 Photo Gallery | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-23490 | 1 Ays-pro | 1 Survey Maker | 2023-12-10 | N/A | 8.8 HIGH |
| The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. | |||||