Skip to main content

Image Slider By Ays

2 CVEs product

Monthly

CVE-2026-32494 HIGH This Week

A Cross-site Scripting (XSS) vulnerability exists in the Ays Pro Image Slider WordPress plugin (versions up to and including 2.7.1) due to improper input neutralization during web page generation, combined with incorrectly configured access control security levels. Attackers can inject malicious scripts that execute in the context of other users' browsers, potentially stealing session tokens, redirecting users, or performing unauthorized actions on behalf of victims. No CVSS score, EPSS data, or active exploitation signals (KEV status) are currently available, but the vulnerability is confirmed by Patchstack and assigned EUVD-2026-15837.

XSS Image Slider By Ays
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-32402 MEDIUM This Month

Image Slider By Ays versions 2.7.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify content through improper access control validation. The vulnerability affects the plugin's core functionality and could enable unauthorized changes to website content without proper authentication checks. No patch is currently available.

Authentication Bypass Image Slider By Ays
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

A Cross-site Scripting (XSS) vulnerability exists in the Ays Pro Image Slider WordPress plugin (versions up to and including 2.7.1) due to improper input neutralization during web page generation, combined with incorrectly configured access control security levels. Attackers can inject malicious scripts that execute in the context of other users' browsers, potentially stealing session tokens, redirecting users, or performing unauthorized actions on behalf of victims. No CVSS score, EPSS data, or active exploitation signals (KEV status) are currently available, but the vulnerability is confirmed by Patchstack and assigned EUVD-2026-15837.

XSS Image Slider By Ays
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Image Slider By Ays versions 2.7.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify content through improper access control validation. The vulnerability affects the plugin's core functionality and could enable unauthorized changes to website content without proper authentication checks. No patch is currently available.

Authentication Bypass Image Slider By Ays
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy