Ays-Pro: Security Vulnerabilities
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-04-03
Survey Maker prior to 3.6.4 contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with the administrative privilege.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-04-03
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.This issue affects Survey Maker: from n/a through 4.0.6.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-03-27
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 4.0.5.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-03-19
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVSS Score
4.8
EPSS Score
0.004
Published
2024-02-12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify – WordPress Chart Plugin allows Stored XSS.This issue affects Chartify – WordPress Chart Plugin: from n/a through 2.0.6.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-02-12
The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.
CVSS Score
5.3
EPSS Score
0.007
Published
2024-02-07
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-02-07
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-01-12
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-12-26