CVE-2026-6817

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2026-6817

The affected software is the WordPress plugin “Quiz Maker by AYS.” The vulnerability is a Stored Cross-Site Scripting in the rate_reason parameter present in all versions up to 6.7.1.29, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject...

CVE-2026-6817 Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason'

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2026-32494

CVE-2026-32494 corresponds to an unauthenticated Stored Cross-Site Scripting vulnerability in the WordPress plugin Image Slider by Ays (ays-slider) , affecting versions up to 2.7.1. The Wordfence entry (and CVE record) indicate the issue is in the Ays Slider/Pro Image Slider, tied to improper inp...

CVE-2026-32494 WordPress Image Slider by Ays plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through = 2.7.1...

CVE-2026-32494 WordPress Image Slider by Ays plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through = 2.7.1...

WordPress Image Slider by Ays plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by w41bu1 in WordPress Plugin Image Slider by Ays versions = 2.7.1...

CVE-2026-32402 WordPress Image Slider by Ays plugin <= 2.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through = 2.7.1...

CVE-2026-32402 WordPress Image Slider by Ays plugin <= 2.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through = 2.7.1...

CVE-2026-25338 WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through = 2.7.4...

CVE-2026-25338

CVE-2026-25338 concerns the WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS (versions through 2.7.4). Connected sources describe a Broken Access Control / Missing Authorization issue caused by misconfigured access control security levels, potentially enabling unauthorized ac...

CVE-2025-14454

The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.0. This is due to missing or incorrect nonce validation on the bulk delete functionality. This makes it possible for unauthenticated...

CVE-2025-13685

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'processbulkaction' function. This makes it possible for unauthenticated attacke...

CVE-2025-13685

CVE-2025-13685 concerns the WordPress plugin Photo Gallery by Ays (versions up to 6.4.8) with a Cross-Site Request Forgery flaw due to missing nonce verification in the bulk action handler (process_bulk_action). This allows unauthenticated attackers to induce bulk operations (delete/publish/unpub...

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter vulnerability

Unauthenticated Server-Side Request Forgery via 'pineconeurl' Parameter vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.0...

CVE-2025-13378

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

CVE-2025-13378 AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter

The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ayschatgptpineconeupsert function. This makes it possible for unauthenticated attackers to make web requests to arbitrary...

CVE-2025-13378

CVE-2025-13378 affects the WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS. Versions

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads vulnerability

Missing Authorization to Unauthenticated Media File Uploads vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.0...

CVE-2025-62039

Summary (CVE-2025-62039) Insertion of Sensitive Information Into Sent Data affects the WordPress plugin “AI ChatBot with ChatGPT and Content Generator by AYS” (versions up to 2.6.6). The issue allows retrieval of embedded sensitive data from sent data, as described by multiple sources. CVSS v3.1 ...