
ays-pro — Vulnerabilities & Security Advisories (37)

Browse all 37 CVE security advisories affecting ays-pro. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ays-pro functions as a comprehensive enterprise resource planning and customer relationship management platform, primarily serving mid-to-large organizations for operational management. Its extensive feature set has historically exposed it to a wide array of security flaws, with thirty-seven Common Vulnerabilities and Exposures currently documented. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and SQL injection, often stemming from insufficient input validation and improper access controls. Several incidents highlight critical privilege escalation risks, allowing unauthorized users to gain administrative access or execute arbitrary commands on the underlying server infrastructure. The complexity of the application’s architecture has contributed to these persistent weaknesses, making regular patching and rigorous security auditing essential for deployment. Organizations utilizing ays-pro must prioritize strict configuration management to mitigate the risk of data breaches and system compromise associated with these known defects.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6817 | Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason' | Quiz Maker by AYS | CWE-79 | 5.8 | Medium | 2026-05-02 |
| CVE-2026-1336 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification | AI ChatBot with ChatGPT and Content Generator by AYS | CWE-862 | 5.3 | Medium | 2026-03-02 |
| CVE-2026-2367 | Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute | Secure Copy Content Protection and Content Locking | CWE-79 | 6.4 | Medium | 2026-02-25 |
| CVE-2026-2384 | Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Quiz Maker | CWE-79 | 6.4 | Medium | 2026-02-20 |
| CVE-2026-1320 | Secure Copy Content Protection and Content Locking <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header | Secure Copy Content Protection and Content Locking | CWE-79 | 7.2 | High | 2026-02-12 |
| CVE-2026-1165 | Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | CWE-352 | 4.3 | Medium | 2026-01-31 |
| CVE-2025-14156 | Fox LMS – WordPress LMS Plugin 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder' | Fox LMS – WordPress LMS Plugin | CWE-20 | 9.8 | Critical | 2025-12-15 |
| CVE-2025-14454 | Image Slider by Ays- Responsive Slider and Carousel <= 2.7.0 - Cross-Site Request Forgery to Arbitrary Slider Deletion | Image Slider by Ays- Responsive Slider and Carousel | CWE-352 | 4.3 | Medium | 2025-12-13 |
| CVE-2025-14159 | Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export | Secure Copy Content Protection and Content Locking | CWE-352 | 4.3 | Medium | 2025-12-12 |
| CVE-2025-14442 | Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File | Secure Copy Content Protection and Content Locking | CWE-552 | 5.3 | Medium | 2025-12-12 |
| CVE-2025-13685 | Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions | Photo Gallery by Ays – Responsive Image Gallery | CWE-352 | 4.3 | Medium | 2025-12-02 |
| CVE-2025-13381 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads | AI ChatBot with ChatGPT and Content Generator by AYS | CWE-862 | 5.3 | Medium | 2025-11-27 |
| CVE-2025-13378 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter | AI ChatBot with ChatGPT and Content Generator by AYS | CWE-918 | 6.5 | Medium | 2025-11-27 |
| CVE-2025-12426 | Quiz Maker <= 6.7.0.80 - Unauthenticated Sensitive Information Exposure | Quiz Maker | CWE-200 | 5.3 | Medium | 2025-11-19 |
| CVE-2025-12620 | Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 6.0.7 - Authenticated (Administrator+) SQL Injection via `filterbyauthor` Parameter | Poll Maker – Versus Polls, Anonymous Polls, Image Polls | CWE-89 | 4.9 | Medium | 2025-11-13 |
| CVE-2025-12891 | Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Information Exposure | Survey Maker | CWE-862 | 5.3 | Medium | 2025-11-13 |
| CVE-2025-12892 | Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Limited Option Update | Survey Maker | CWE-862 | 5.3 | Medium | 2025-11-13 |
| CVE-2025-11171 | Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function | Chartify – WordPress Chart Plugin | CWE-306 | 5.3 | Medium | 2025-10-08 |
| CVE-2025-10042 | Quiz Maker <= 6.7.0.56 - Unauthenticated SQL Injection | Quiz Maker | CWE-89 | 5.9 | Medium | 2025-09-17 |
| CVE-2024-12575 | Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.8.9 - Unauthenticated Basic Information Exposure | Poll Maker – Versus Polls, Anonymous Polls, Image Polls | CWE-200 | 5.3 | Medium | 2025-08-16 |
| CVE-2025-1404 | Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function | Secure Copy Content Protection and Content Locking | CWE-862 | 5.3 | Medium | 2025-03-01 |
| CVE-2024-13505 | Survey Maker <= 5.1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting via Survey Question | Survey Maker | CWE-79 | 5.5 | Medium | 2025-01-26 |
| CVE-2024-12115 | Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication | Poll Maker – Versus Polls, Anonymous Polls, Image Polls | CWE-352 | 4.3 | Medium | 2024-12-07 |
| CVE-2024-11458 | FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting | FAQ Builder AYS | CWE-79 | 6.1 | Medium | 2024-11-28 |
| CVE-2024-10861 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | CWE-862 | 5.3 | Medium | 2024-11-16 |
| CVE-2024-10571 | Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source | Chartify – WordPress Chart Plugin | CWE-98 | 9.8 | Critical | 2024-11-14 |
| CVE-2024-9874 | WordPress Poll Maker Plugin <= 5.4.6 - Authenticated (Administrator+) Time-Based SQL Injection | Poll Maker – Versus Polls, Anonymous Polls, Image Polls | CWE-89 | 4.9 | Medium | 2024-11-09 |
| CVE-2024-9475 | Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) SQL Injection via Order_by Parameter | Poll Maker – Versus Polls, Anonymous Polls, Image Polls | CWE-89 | 4.9 | Medium | 2024-10-26 |
| CVE-2024-9462 | Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Poll Settings | Poll Maker – Versus Polls, Anonymous Polls, Image Polls | CWE-79 | 5.5 | Medium | 2024-10-26 |
| CVE-2024-8488 | Survey Maker – Customer Satisfaction Questionnaire, Chat Survey, Calculation Form, Payment Forms <= 4.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting | Survey Maker | CWE-79 | 4.4 | Medium | 2024-10-08 |

This page lists every published CVE security advisory associated with ays-pro. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.