Poll Maker
Ays Pro
Developer
6.4.0
Latest version
7,000
Installations
No date
Last updated
Vulnerability history
0 present
23 patched
8 Mitigation rules
- Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action vulnerability<= 6.3.728/05/2026
- Authenticated (Administrator+) SQL Injection via `filterbyauthor` Parameter vulnerability<= 6.0.712/11/2025
- Cross Site Scripting (XSS) Vulnerability<= 6.0.222/09/2025
- Unauthenticated Basic Information Exposure vulnerability<= 5.8.915/08/2025
- Race Condition Vulnerability<= 5.7.707/05/2025
- Admin+ Stored XSS vulnerability< 5.5.418/03/2025
- SQL Injection vulnerability<= 5.6.523/02/2025
- Broken Access Control vulnerability<= 5.5.603/01/2025
- HTML Injection vulnerability< 5.5.503/01/2025
- Broken Access Control vulnerability<= 5.5.015/12/2024
- Cross-Site Request Forgery to Poll Duplication vulnerability<= 5.5.406/12/2024
- Authenticated (Administrator+) Time-Based SQL Injection vulnerability<= 5.4.608/11/2024
- Authenticated (Administrator+) SQL Injection vulnerability<= 5.4.625/10/2024
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 5.4.625/10/2024
- Missing Authorization to Unauthenticated Email Enumeration vulnerability<= 5.1.819/04/2024
- Missing Authorization to Unauthenticated Stored Cross-Site Scripting vulnerability<= 5.1.819/04/2024
- Broken Access Control vulnerability<= 4.8.026/12/2023
- Broken Access Control vulnerability<= 4.7.112/10/2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 4.7.005/09/2023
- Server Side Request Forgery (SSRF) vulnerability<= 4.6.226/06/2023
- Unauthenticated Time-Based SQL Injection (SQLi) vulnerability<= 3.4.113/09/2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.826/07/2021
- Authenticated Blind SQL Injection (SQLi) vulnerability<= 3.2.029/06/2021