54 matches found
CVE-2023-32498 WordPress Easy Form by AYS Plugin <= 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Easy Form team Easy Form by AYS plugin = 1.2.0 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin = 5.1.3 versions...
CVE-2023-32107 WordPress Photo Gallery by Ays Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin = 5.1.3 versions...
CVE-2023-32107 WordPress Photo Gallery by Ays Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin = 5.1.3 versions...
WordPress plugin Photo Gallery by Ays 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Photo Gallery by Ays Plugin <= 5.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Photo Gallery by Ays Type Plugin Vulnerable versions = 5.2.6 Fixed in 5.2.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39917 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dcde53c55582 Credits Skalucy Requir...
WordPress Photo Gallery by Ays Plugin < 5.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by Ays Type Plugin Vulnerable versions 5.1.7 Fixed in 5.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2568 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 1b5a7b5e5c1c Credits Erwan LR WPScan...
CVE-2023-2568
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Plugin Photo Gallery by Ays 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Photo Gallery by Ays Plugin <= 5.1.3 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by Ays Type Plugin Vulnerable versions = 5.1.3 Fixed in 5.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32107 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f7b98519cd3e Credits Le Ngoc Anh...
CVE-2021-24462
The getgallerycategories and getgalleries functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in...
WordPress Image Slider by Ays plugin <= 2.4.9 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress Image Slider by Ays plugin versions = 2.4.9. Solution Update the WordPress Image Slider by Ays plugin to the latest available version at least 2.5.0...
WordPress Photo Gallery by Ays plugin <= 4.4.3 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress Photo Gallery by Ays plugin versions = 4.4.3. Solution Update the WordPress Photo Gallery by Ays plugin to the latest available version at least 4.4.4...
WordPress FAQ Builder AYS plugin <= 1.3.5 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability discovered by To Quang Duong in WordPress FAQ Builder AYS plugin versions = 1.3.5 Solution Update the WordPress FAQ Builder AYS plugin to the latest available version at least 1.3.6...