Image Slider By Ays
Monthly
A Cross-site Scripting (XSS) vulnerability exists in the Ays Pro Image Slider WordPress plugin (versions up to and including 2.7.1) due to improper input neutralization during web page generation, combined with incorrectly configured access control security levels. Attackers can inject malicious scripts that execute in the context of other users' browsers, potentially stealing session tokens, redirecting users, or performing unauthorized actions on behalf of victims. No CVSS score, EPSS data, or active exploitation signals (KEV status) are currently available, but the vulnerability is confirmed by Patchstack and assigned EUVD-2026-15837.
Image Slider By Ays versions 2.7.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify content through improper access control validation. The vulnerability affects the plugin's core functionality and could enable unauthorized changes to website content without proper authentication checks. No patch is currently available.
A Cross-site Scripting (XSS) vulnerability exists in the Ays Pro Image Slider WordPress plugin (versions up to and including 2.7.1) due to improper input neutralization during web page generation, combined with incorrectly configured access control security levels. Attackers can inject malicious scripts that execute in the context of other users' browsers, potentially stealing session tokens, redirecting users, or performing unauthorized actions on behalf of victims. No CVSS score, EPSS data, or active exploitation signals (KEV status) are currently available, but the vulnerability is confirmed by Patchstack and assigned EUVD-2026-15837.
Image Slider By Ays versions 2.7.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify content through improper access control validation. The vulnerability affects the plugin's core functionality and could enable unauthorized changes to website content without proper authentication checks. No patch is currently available.