Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ays-pro — Vulnerabilities & Security Advisories 36

Browse all 36 CVE security advisories affecting ays-pro. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by ays-pro:Poll Maker – Versus Polls, Anonymous Polls, Image PollsQuiz MakerSurvey MakerSecure Copy Content Protection and Content LockingPopup Box – Create Countdown, Coupon, Video, Contact Form PopupsAI ChatBot with ChatGPT and Content Generator by AYSChartify – WordPress Chart PluginFAQ Builder AYSPhoto Gallery by Ays – Responsive Image GalleryImage Slider by Ays- Responsive Slider and CarouselFox LMS – WordPress LMS Plugin
CVE IDTitleCVSSSeverityPublished
CVE-2026-1336 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification — AI ChatBot with ChatGPT and Content Generator by AYSCWE-862 5.3 Medium2026-03-02
CVE-2026-2367 Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute — Secure Copy Content Protection and Content LockingCWE-79 6.4 Medium2026-02-25
CVE-2026-2384 Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Quiz MakerCWE-79 6.4 Medium2026-02-20
CVE-2026-1320 Secure Copy Content Protection and Content Locking <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header — Secure Copy Content Protection and Content LockingCWE-79 7.2 High2026-02-12
CVE-2026-1165 Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change — Popup Box – Create Countdown, Coupon, Video, Contact Form PopupsCWE-352 4.3 Medium2026-01-31
CVE-2025-14156 Fox LMS – WordPress LMS Plugin 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder' — Fox LMS – WordPress LMS PluginCWE-20 9.8 Critical2025-12-15
CVE-2025-14454 Image Slider by Ays- Responsive Slider and Carousel <= 2.7.0 - Cross-Site Request Forgery to Arbitrary Slider Deletion — Image Slider by Ays- Responsive Slider and CarouselCWE-352 4.3 Medium2025-12-13
CVE-2025-14159 Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export — Secure Copy Content Protection and Content LockingCWE-352 4.3 Medium2025-12-12
CVE-2025-14442 Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File — Secure Copy Content Protection and Content LockingCWE-552 5.3 Medium2025-12-12
CVE-2025-13685 Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions — Photo Gallery by Ays – Responsive Image GalleryCWE-352 4.3 Medium2025-12-02
CVE-2025-13381 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads — AI ChatBot with ChatGPT and Content Generator by AYSCWE-862 5.3 Medium2025-11-27
CVE-2025-13378 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter — AI ChatBot with ChatGPT and Content Generator by AYSCWE-918 6.5 Medium2025-11-27
CVE-2025-12426 Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure — Quiz MakerCWE-200 5.3 Medium2025-11-19
CVE-2025-12620 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 6.0.7 - Authenticated (Administrator+) SQL Injection via `filterbyauthor` Parameter — Poll Maker – Versus Polls, Anonymous Polls, Image PollsCWE-89 4.9 Medium2025-11-13
CVE-2025-12891 Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Information Exposure — Survey MakerCWE-862 5.3 Medium2025-11-13
CVE-2025-12892 Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Limited Option Update — Survey MakerCWE-862 5.3 Medium2025-11-13
CVE-2025-11171 Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function — Chartify – WordPress Chart PluginCWE-306 5.3 Medium2025-10-08
CVE-2025-10042 Quiz Maker <= 6.7.0.56 - Unauthenticated SQL Injection — Quiz MakerCWE-89 5.9 Medium2025-09-17
CVE-2024-12575 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure — Poll Maker – Versus Polls, Anonymous Polls, Image PollsCWE-200 5.3 Medium2025-08-16
CVE-2025-1404 Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function — Secure Copy Content Protection and Content LockingCWE-862 5.3 Medium2025-03-01
CVE-2024-13505 Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question — Survey MakerCWE-79 5.5 Medium2025-01-26
CVE-2024-12115 Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication — Poll Maker – Versus Polls, Anonymous Polls, Image PollsCWE-352 4.3 Medium2024-12-07
CVE-2024-11458 FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting — FAQ Builder AYSCWE-79 6.1 Medium2024-11-28
CVE-2024-10861 Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update — Popup Box – Create Countdown, Coupon, Video, Contact Form PopupsCWE-862 5.3 Medium2024-11-16
CVE-2024-10571 Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source — Chartify – WordPress Chart PluginCWE-98 9.8 Critical2024-11-14
CVE-2024-9874 WordPress Poll Maker Plugin <= 5.4.6 - Authenticated (Administrator+) Time-Based SQL Injection — Poll Maker – Versus Polls, Anonymous Polls, Image PollsCWE-89 4.9 Medium2024-11-09
CVE-2024-9475 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) SQL Injection via Order_by Parameter — Poll Maker – Versus Polls, Anonymous Polls, Image PollsCWE-89 4.9 Medium2024-10-26
CVE-2024-9462 Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Poll Settings — Poll Maker – Versus Polls, Anonymous Polls, Image PollsCWE-79 5.5 Medium2024-10-26
CVE-2024-8488 Survey Maker – Customer Satisfaction Questionnaire, Chat Survey, Calculation Form, Payment Forms <= 4.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting — Survey MakerCWE-79 4.4 Medium2024-10-08
CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter — Quiz MakerCWE-89 9.8 Critical2024-06-25

This page lists every published CVE security advisory associated with ays-pro. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.