Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Ays Pro

Source -

CNA

BOS Name -

AYS Pro Extensions

CNA CVEs -

19

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
19Vulnerabilities found
CVE-2025-54673
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 2.20%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chartify Plugin plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify allows Cross Site Request Forgery. This issue affects Chartify: from n/a through 3.5.3.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Chartify
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-47545
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.10%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-12 May, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Poll Maker <= 5.7.7 - Race Condition Vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7.

Action-Not Available
Vendor-AYS Pro Extensions
Product-poll_makerPoll Maker
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-24577
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-28 May, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0.

Action-Not Available
Vendor-AYS Pro Extensions
Product-poll_makerPoll Maker
CWE ID-CWE-862
Missing Authorization
CVE-2025-27285
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Easy Form by AYS allows Reflected XSS. This issue affects Easy Form by AYS: from n/a through 2.6.9.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Easy Form by AYS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-32275
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 25.71%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 08:09
Updated-14 Apr, 2025 | 12:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Survey Maker plugin <= 5.1.5.4 - Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing. This issue affects Survey Maker: from n/a through 5.1.5.4.

Action-Not Available
Vendor-AYS Pro Extensions
Product-survey_makerSurvey Maker
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-32133
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.52%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.5.1.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Secure Copy Content Protection and Content Locking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30905
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 19.51%
||
7 Day CHG-0.00%
Published-01 Apr, 2025 | 20:58
Updated-02 Apr, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.4.3.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Secure Copy Content Protection and Content Locking
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30774
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-0.02% / 4.08%
||
7 Day CHG-0.03%
Published-01 Apr, 2025 | 05:31
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz Maker plugin <= 6.6.8.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Quiz Maker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-30904
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 4.29%
||
7 Day CHG-0.04%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chartify plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify allows Stored XSS. This issue affects Chartify: from n/a through 3.1.7.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Chartify
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24484
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.55%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-secure_copy_content_protection_and_content_lockingSecure Copy Content Protection and Content Locking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24483
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.57% / 67.55%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Poll Maker < 3.2.1 - Authenticated Blind SQL Injections

The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-poll_makerPoll Maker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24463
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.36%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Slider by Ays - Responsive Slider and Carousel < 2.5.0 - Authenticated Blind SQL Injection

The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-image_sliderImage Slider by Ays- Responsive Slider and Carousel
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24462
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.36%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections

The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-photo_galleryPhoto Gallery by Ays – Responsive Image Gallery
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24461
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.36%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections

The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-faq_builderFAQ Builder AYS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24460
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.36%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections

The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-popup_boxPopup Like box – Page Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24459
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.36%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Survey Maker < 1.5.6 - Authenticated Blind SQL Injections

The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-survey_makerSurvey Maker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24457
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.36%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections

The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-portfolio_responsive_galleryPortfolio Responsive Gallery
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24458
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.36%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Popup box < 2.3.4 - Authenticated Blind SQL Injections

The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-popup_boxPopup box
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24456
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.63% / 69.32%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:32
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections

The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin dashboard

Action-Not Available
Vendor-AYS Pro Extensions
Product-quiz_makerQuiz Maker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')