54 matches found
EUVD-2024-34024
Malicious code in bioql PyPI...
EUVD-2023-36375
Malicious code in bioql PyPI...
CVE-2025-57947
CVE-2025-57947 is a DOM-based XSS in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin. The initial description notes improper input neutralization during web page generation. Connected docs corroborate target: Photo Gallery by Ays; affected versions listed as
CVE-2023-32107
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin = 5.1.3 versions...
CVE-2025-27285
CVE-2025-27285 is a reflected XSS in WordPress plugin Easy Form by AYS, caused by improper input neutralization during web page generation. Affected: Easy Form by AYS (versions n/a–2.6.9). Impact per sources: potential user-facing cross-site scripting with HIGH severities (CVSS v3.1 ~7.1). Mitiga...
CVE-2024-11458
The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
CVE-2024-11458
CVE-2024-11458 affects the WordPress plugin FAQ Builder AYS (versions ≤ 1.7.1). The vulnerability is a Reflected Cross-Site Scripting via the ays_faq_tab parameter caused by insufficient input sanitization and output escaping. Exploitation requires user interaction (e.g., tricking a user into cli...
WordPress AI Assistant with ChatGPT by AYS plugin <= 2.0.9 - Unauthenticated AJAX Calls vulnerability
Unauthenticated AJAX Calls vulnerability discovered by Kieran Burge in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.0.9...
WordPress AI Chatbot with ChatGPT by AYS plugin <= 2.0.9 - Unauthenticated OpenAI Key Disclosure vulnerability
Unauthenticated OpenAI Key Disclosure vulnerability discovered by Kieran Burge in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.0.9...
WordPress AI ChatBot with ChatGPT and Content Generator by AYS Plugin <= 2.0.9 is vulnerable to Sensitive Data Exposure
Software AI ChatBot with ChatGPT and Content Generator by AYS Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-7713 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID 5f8161e14afa Credi...
WordPress Photo Gallery by Ays plugin < 5.7.1 - HTML Injection vulnerability
HTML Injection vulnerability discovered by Ibnu Ubaeydillah Patchstack Alliance in WordPress Plugin Photo Gallery by Ays versions 5.7.1...
WordPress Photo Gallery by Ays Plugin < 5.7.1 is vulnerable to Content Injection
Software Photo Gallery by Ays Type Plugin Vulnerable versions 5.7.1 Fixed in 5.7.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-37442 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 76b249292f10 Credits Ibnu Ubaeydillah Required privilege...
WordPress Plugin Photo Gallery by Ays 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Photo Gallery by Ays Plugin <= 5.5.2 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by Ays Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29919 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1347875f8607 Credits Majed Refaea Required...
CVE-2023-39917 WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin = 5.2.6 versions...
CVE-2023-32498
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Easy Form team Easy Form by AYS plugin = 1.2.0 versions...
CVE-2023-32498
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Easy Form team Easy Form by AYS plugin = 1.2.0 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Easy Form team Easy Form by AYS plugin = 1.2.0 versions...
CVE-2023-32498 WordPress Easy Form by AYS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Easy Form team Easy Form by AYS plugin = 1.2.0 versions...
CVE-2023-32498
CVE-2023-32498 : WordPress plugin Easy Form by AYS, affected versions ≤ 1.2.0, suffers a stored XSS vulnerability that requires administrator privileges. Patch available in version 1.2.1; update to 1.2.1 or later to fix.