ays-pro
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting ays-pro.
- CVE-2026-8995Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action4.3
- CVE-2026-6817Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason'5.8
- CVE-2025-15611Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF5.4
- CVE-2026-1336AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification5.3
- CVE-2026-2367Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute6.4
- CVE-2026-2384Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode6.4
- CVE-2026-1320Secure Copy Content Protection and Content Locking <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header7.2
- CVE-2026-1165Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change4.3
- CVE-2025-14156Fox LMS – WordPress LMS Plugin 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder'9.8
- CVE-2025-14454Image Slider by Ays- Responsive Slider and Carousel <= 2.7.0 - Cross-Site Request Forgery to Arbitrary Slider Deletion4.3
- CVE-2025-14159Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export4.3
- CVE-2025-14442Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File5.3
- CVE-2025-67595WordPress Quiz Maker plugin <= 6.7.0.82 - Cross Site Request Forgery (CSRF) vulnerability4.3
- CVE-2025-13685Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions4.3
- CVE-2025-13381AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads5.3