Vendor CVEs
Ays Pro
All CVEs
99 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3601 | Med | 0.34 | 5.3 | 0.01 | May 2, 2024 | The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated… | ||
| CVE-2026-6817 | Med | 0.31 | 5.8 | 0.00 | May 2, 2026 | The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers… | ||
| CVE-2023-34013 | Med | 0.29 | 4.4 | 0.00 | Nov 13, 2023 | Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2. | ||
| CVE-2026-32342 | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2. | ||
| CVE-2026-25335 | Med | 0.28 | 4.3 | 0.00 | Feb 19, 2026 | Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from… | ||
| CVE-2025-67595 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82. | ||
| CVE-2025-66529 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3. | ||
| CVE-2025-58014 | Med | 0.28 | 4.3 | 0.00 | Sep 22, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.64. | ||
| CVE-2025-54673 | Med | 0.28 | 4.3 | 0.00 | Aug 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.5.3. | ||
| CVE-2025-32275 | Med | 0.28 | 4.3 | 0.00 | Apr 10, 2025 | Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey Maker: from n/a through <= 5.1.6.3. | ||
| CVE-2024-37096 | Med | 0.28 | 4.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1. | ||
| CVE-2024-1079 | Med | 0.28 | 5.3 | 0.01 | Feb 7, 2024 | The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz… | ||
| CVE-2025-13381 | Med | 0.27 | 5.3 | 0.00 | Nov 27, 2025 | The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function in all versions up to, and including, 2.7.0. This makes it possible for… | ||
| CVE-2024-10861 | Med | 0.27 | 5.3 | 0.00 | Nov 16, 2024 | The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it… | ||
| CVE-2024-3897 | Med | 0.27 | 5.3 | 0.01 | May 2, 2024 | The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated… | ||
| CVE-2023-23985 | Low | 0.24 | 3.7 | 0.00 | Apr 24, 2024 | Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. | ||
| CVE-2025-14454 | Med | 0.21 | 4.3 | 0.00 | Dec 13, 2025 | The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is due to missing or incorrect nonce validation on the bulk delete functionality. This makes it possible for… | ||
| CVE-2024-1078 | Med | 0.21 | 4.3 | 0.00 | Feb 7, 2024 | The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers,… | ||
| CVE-2025-10042 | 0.03 | — | 0.01 | Sep 17, 2025 | The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it… | |||
| CVE-2024-7714 | 0.02 | — | 0.01 | Sep 27, 2024 | The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby… | |||
| CVE-2025-12426 | 0.00 | — | 0.00 | Nov 19, 2025 | The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authorization checks. The endpoint… | |||
| CVE-2024-9599 | 0.00 | — | 0.00 | May 15, 2025 | The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite… | |||
| CVE-2024-8617 | 0.00 | — | 0.00 | May 15, 2025 | The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite… | |||
| CVE-2024-13505 | 0.00 | — | 0.00 | Jan 26, 2025 | The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for… | |||
| CVE-2024-10628 | 0.00 | — | 0.01 | Jan 26, 2025 | The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to… | |||
| CVE-2024-8488 | 0.00 | — | 0.00 | Oct 8, 2024 | The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | |||
| CVE-2024-7713 | 0.00 | — | 0.00 | Sep 27, 2024 | The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it | |||
| CVE-2024-4061 | 0.00 | — | 0.00 | May 21, 2024 | The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite… | |||
| CVE-2024-3477 | 0.00 | — | 0.00 | May 2, 2024 | The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks | |||
| CVE-2023-35764 | 0.00 | — | 0.00 | Apr 3, 2024 | Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting. | |||
| CVE-2023-34423 | 0.00 | — | 0.00 | Apr 3, 2024 | Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege. | |||
| CVE-2023-6591 | 0.00 | — | 0.00 | Feb 12, 2024 | The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||
| CVE-2023-5809 | 0.00 | — | 0.00 | Dec 4, 2023 | The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite… | |||
| CVE-2023-5874 | 0.00 | — | 0.00 | Dec 4, 2023 | The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite… | |||
| CVE-2023-5343 | 0.00 | — | 0.00 | Nov 20, 2023 | The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||
| CVE-2023-4390 | 0.00 | — | 0.00 | Oct 31, 2023 | The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | |||
| CVE-2023-39917 | 0.00 | — | 0.00 | Oct 3, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions. | |||
| CVE-2023-32107 | 0.00 | — | 0.00 | Aug 18, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions. | |||
| CVE-2023-27414 | 0.00 | — | 0.00 | Jun 21, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions. | |||
| CVE-2023-2568 | 0.00 | — | 0.00 | Jun 12, 2023 | The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||
| CVE-2022-29445 | 0.00 | — | 0.01 | May 18, 2022 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. | |||
| CVE-2021-24484 | 0.00 | — | 0.01 | Aug 2, 2021 | The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in… | |||
| CVE-2021-24483 | 0.00 | — | 0.01 | Aug 2, 2021 | The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in… | |||
| CVE-2021-24463 | 0.00 | — | 0.01 | Aug 2, 2021 | The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in… | |||
| CVE-2021-24462 | 0.00 | — | 0.01 | Aug 2, 2021 | The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls,… | |||
| CVE-2021-24461 | 0.00 | — | 0.01 | Aug 2, 2021 | The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | |||
| CVE-2021-24459 | 0.00 | — | 0.01 | Aug 2, 2021 | The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard | |||
| CVE-2021-24458 | 0.00 | — | 0.01 | Aug 2, 2021 | The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the… | |||
| CVE-2021-24456 | 0.00 | — | 0.01 | Aug 2, 2021 | The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard |
- risk 0.34cvss 5.3epss 0.01
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated…
- risk 0.31cvss 5.8epss 0.00
The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate_reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers…
- risk 0.29cvss 4.4epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.6.3.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.64.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery.This issue affects Chartify: from n/a through <= 3.5.3.
- risk 0.28cvss 4.3epss 0.00
Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker survey-maker allows Identity Spoofing.This issue affects Survey Maker: from n/a through <= 5.1.6.3.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1.
- risk 0.28cvss 5.3epss 0.01
The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz…
- risk 0.27cvss 5.3epss 0.00
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function in all versions up to, and including, 2.7.0. This makes it possible for…
- risk 0.27cvss 5.3epss 0.00
The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it…
- risk 0.27cvss 5.3epss 0.01
The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated…
- risk 0.24cvss 3.7epss 0.00
Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4.
- risk 0.21cvss 4.3epss 0.00
The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is due to missing or incorrect nonce validation on the bulk delete functionality. This makes it possible for…
- risk 0.21cvss 4.3epss 0.00
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers,…
- CVE-2025-10042Sep 17, 2025risk 0.03cvss —epss 0.01
The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…
- CVE-2024-7714Sep 27, 2024risk 0.02cvss —epss 0.01
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby…
- CVE-2025-12426Nov 19, 2025risk 0.00cvss —epss 0.00
The Quiz Maker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.7.0.80. This is due to the plugin exposing quiz answers through the ays_quiz_check_answer AJAX action without proper authorization checks. The endpoint…
- CVE-2024-9599May 15, 2025risk 0.00cvss —epss 0.00
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
- CVE-2024-8617May 15, 2025risk 0.00cvss —epss 0.00
The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
- CVE-2024-13505Jan 26, 2025risk 0.00cvss —epss 0.00
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for…
- CVE-2024-10628Jan 26, 2025risk 0.00cvss —epss 0.01
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to…
- CVE-2024-8488Oct 8, 2024risk 0.00cvss —epss 0.00
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- CVE-2024-7713Sep 27, 2024risk 0.00cvss —epss 0.00
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it
- CVE-2024-4061May 21, 2024risk 0.00cvss —epss 0.00
The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
- CVE-2024-3477May 2, 2024risk 0.00cvss —epss 0.00
The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks
- CVE-2023-35764Apr 3, 2024risk 0.00cvss —epss 0.00
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
- CVE-2023-34423Apr 3, 2024risk 0.00cvss —epss 0.00
Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege.
- CVE-2023-6591Feb 12, 2024risk 0.00cvss —epss 0.00
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
- CVE-2023-5809Dec 4, 2023risk 0.00cvss —epss 0.00
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
- CVE-2023-5874Dec 4, 2023risk 0.00cvss —epss 0.00
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
- CVE-2023-5343Nov 20, 2023risk 0.00cvss —epss 0.00
The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
- CVE-2023-4390Oct 31, 2023risk 0.00cvss —epss 0.00
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
- CVE-2023-39917Oct 3, 2023risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
- CVE-2023-32107Aug 18, 2023risk 0.00cvss —epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.
- CVE-2023-27414Jun 21, 2023risk 0.00cvss —epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
- CVE-2023-2568Jun 12, 2023risk 0.00cvss —epss 0.00
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- CVE-2022-29445May 18, 2022risk 0.00cvss —epss 0.01
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress.
- CVE-2021-24484Aug 2, 2021risk 0.00cvss —epss 0.01
The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in…
- CVE-2021-24483Aug 2, 2021risk 0.00cvss —epss 0.01
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in…
- CVE-2021-24463Aug 2, 2021risk 0.00cvss —epss 0.01
The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in…
- CVE-2021-24462Aug 2, 2021risk 0.00cvss —epss 0.01
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls,…
- CVE-2021-24461Aug 2, 2021risk 0.00cvss —epss 0.01
The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
- CVE-2021-24459Aug 2, 2021risk 0.00cvss —epss 0.01
The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
- CVE-2021-24458Aug 2, 2021risk 0.00cvss —epss 0.01
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the…
- CVE-2021-24456Aug 2, 2021risk 0.00cvss —epss 0.01
The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard
Page 2 of 2